Enciphering/deciphering device and method, and encryption/decryption communication system

ABSTRACT

A plaintext file 41 is enciphered using a file key 44, to generate ciphertext 42. The file key 44 is enciphered using a secret key 47 and a management key 48, respectively, to form an enciphered key 1 (45) and an enciphered key 2 (46). An enciphered file 43 is produced from the ciphertext 42, the enciphered key 1 and the enciphered key 2. At the time of decryption, the enciphered key 1 is taken out from the enciphered file 43. The enciphered key 1 taken out is deciphered using a secret key 47, to obtain a file key 44. The ciphertext 42 is deciphered using the file key 44, to obtain the plaintext 41.

TECHNICAL FIELD

The present invention relates to an enciphering/deciphering device for performing at least one of encryption processing of data and decryption processing of enciphered data. Further, the present invention relates to an encryption/decryption communication system in which enciphering/deciphering devices are connected to each other through communicating means. The enciphering/deciphering device is the concept including an enciphering device for enciphering (encrypting) plaintext data, a deciphering device for deciphering (decrypting) ciphertext data, and a device for performing both encryption processing and decryption processing. Similarly, an enciphering/deciphering method is the concept including a method of enciphering plaintext data, a method of deciphering ciphertext data, and a method of performing both encryption processing and decryption processing. The encryption/decryption communication system is the concept including a communication system comprising an enciphering device, a communication system comprising a deciphering device, and a communication system comprising both the enciphering device and the deciphering device.

BACKGROUND ART

In order to prevent leakage of the contents of document data generated by a word processor, code data of a computer program, statistical data, total data, and the like, the data are enciphered.

Encryption processing has conventionally been performed using, as the key for enciphering data (the encryption key), either a key entered from an input device such as a keyboard or a key selected from a key table stored in the device that performs the encryption processing (a computer system, etc.).

In such a conventional method, however, an encryption key (= a decryption key) may, in some cases, be seen by a third person or orally conveyed to a third person due to carelessness of a person who performs encryption processing (a creator of ciphertext), whereby it is highly possible that the encryption key is known by the third person. Consequently, the secrecy of the data cannot be sufficiently held. When a manager of ciphertext other than the creator of ciphertext sees the contents of the ciphertext, the creator must inform the manager of a decryption key for each production of ciphertext. When the creator informs the manager of the decryption key, the decryption key may be known by the third person due to carelessness or the like. In addition, the management of a correspondence between the ciphertext and the decryption key also becomes complicated for both the creator and the manager.

Furthermore, generally in a company or the like, a staff member generates ciphertext, and his or her superior manages the ciphertext. In such a case, the superior desires to prevent the ciphertext from being deciphered and known by a third person due to carelessness of the staff member by making it impossible for the staff member to decipher the ciphertext. That is, the superior has a strong request to intensively manage the secrecy of the ciphertext.

DISCLOSURE OF THE INVENTION

An object of the present invention is to prevent a key used at the time of encryption from being easily known by a third person. An object of the present invention is to make it easy to manage a correspondence between ciphertext and a key used for encryption. An object of the present invention is to make it possible for a manager to intensively manage ciphertext.

An enciphering/deciphering device according to the first invention comprises data encryption key forming means for forming a data encryption key used for enciphering plaintext data, secret key forming means for forming a secret key used for enciphering the data encryption key formed by the data encryption key forming means, management key forming means for forming a management key used for enciphering the data encryption key formed by the data encryption key forming means, data enciphering means for enciphering the plaintext data using the data encryption key to form ciphertext data, first key enciphering means for enciphering the data encryption key using the secret key to form a first enciphered key, second key enciphering means for enciphering the data encryption key using the management key to form a second enciphered key, and first storage controlling means for storing the ciphertext data, the first enciphered key, and the second enciphered key in a first storage medium.

An enciphering/deciphering method according to the first invention comprises the steps of forming a data encryption key used for enciphering plaintext data, forming a secret key used for enciphering the formed data encryption key, forming a management key used for enciphering the formed data encryption key, enciphering the plaintext data using the data encryption key to form ciphertext data, enciphering the data encryption key using the secret key to form a first enciphered key, enciphering the data encryption key using the management key to form a second enciphered key, and storing the ciphertext data, the first enciphered key and the second enciphered key in a first storage medium.

There are several methods of forming a data encryption key by data encryption key forming means. One of them is a method of generating data used for key formation and forming a data encryption key on the basis of the generated data. Arbitrary data is generated within a computer. A counted value of a counter for counting a time interval between entries using two keys by an operator, for example, can be employed for this data. The data thus generated is enciphered. A key used for encryption will be generated, similarly to the above-mentioned data. The enciphered data becomes a data encryption key.

Another method is a method of generating a first pseudo-random number and a second pseudo-random number by software or hardware and enciphering the generated first pseudo-random number using the second pseudo-random number as a key to form a data encryption key. The first pseudo-random number and the second pseudo-random number may be the same or different from each other. Alternatively, a plurality of upper bits of one random number and a plurality of lower bits thereof can be also used as the first pseudo-random number and the second pseudo-random number, respectively.

There are several methods of forming a secret key by secret key forming means. One of them is a method of generating data used for key formation and forming a secret key on the basis of the generated data. The second method is a method of generating a first pseudo-random number and a second pseudo-random number and enciphering the generated first pseudo-random number using the second pseudo-random number as a key to form a secret key. The methods are realized by the same processing as the above-mentioned formation of the data encryption key.

The third method is a method of forming a secret key on the basis of data externally inputted. For example, an operator enters his or her password from a keyboard. The entered password becomes a secret key. In this case, secret key forming means is realized by means for accepting the entry. The entered password may be enciphered using a particular key, and the enciphered password may be a secret key. The particular key may be previously set within a computer, can be also set on the basis of a time interval between key entries, for example, as described above, and can be also obtained by generating a pseudo-random number.

The fourth method is a method of forming a secret key on the basis of data stored in a storage medium externally given. A floppy disk, an IC card, a magnetic card, an optical card, and other media are used as the storage medium. The above-mentioned data stored in the storage medium may be, of course, a secret key itself. In this case, the secret key forming means is realized by means for reading the data from the storage medium. The data stored in the storage medium may be enciphered using a particular key, and the enciphered data may be a secret key.

There are also several methods of forming a management key by management key forming means. One of them is a method of forming a management key on the basis of data previously fed. For example, particular data previously stored in a ROM, a RAM, an internal disk device, or the like within a computer becomes a management key. In this case, the management key forming means is realized by means for reading data from the ROM or the like.

The second method is a method of forming a management key on the basis of data stored in a storage medium externally given. The third method is a method of generating data used for key formation and forming a management key on the basis of the generated data. The fourth method is a method of generating a first pseudo-random number and a second pseudo-random number and enciphering the generated first pseudo-random number using the second pseudo-random number as a key to form a management key. The methods are realized by the same processing as the formation of the data encryption key or the formation of the secret key.

Examples of plaintext data include various data such as document data prepared by a word processor, code data of a computer program, statistical data and total data. When the enciphered data is further enciphered, the enciphered data is included in the plaintext data.

As a method of enciphering (deciphering) plaintext data and a key, various algorithms such as a DES (Data Encryption Standard) algorithm and FEAL (Fast Encryption Algorithm) can be used. Further, it does not matter which of a symmetric cryptosystem and an asymmetric cryptosystem (of a modulo exponentiation type, a knapsack type, etc.) is used as an algorithm, and which of a block cipher and a stream cipher (a Vernam cipher, NFSR (Non-linear Feedback Shift Register), etc.) is used.

A data encryption key for enciphering plaintext data is automatically formed. Plaintext data is enciphered using the formed data encryption key, to form ciphertext data. A secret key and a management key for enciphering the data encryption key are further formed. The data encryption key is enciphered using the formed secret key, to form a first enciphered key. Further, the data encryption key is enciphered using the formed management key, to form a second enciphered key. The ciphertext data, the first enciphered key and the second enciphered key are stored in a first storage medium.

The first storage medium may be a floppy disk or a transmission buffer. In the case of the floppy disk, the ciphertext data can be handed over from a creator of ciphertext data to another person such as a manager. In the case of the transmission buffer, the ciphertext data can be transmitted to another device or the like. Further, the first storage medium may be a storage medium such as a hard disk device, an IC card, a magnetic card, or an optical card.

According to the present embodiment, a data encryption key for enciphering plaintext data is automatically formed, whereby a creator of ciphertext data need not enter a key, and need not know the contents of the key. Consequently, the data encryption key can be prevented from leaking out to a third person due to carelessness, for example, of the creator of ciphertext data.

Furthermore, ciphertext data and a data encryption key (which is enciphered as a first or second enciphered key) for deciphering the ciphertext data are stored in a first storage medium, whereby the management of a correspondence therebetween is easy. Further, the data encryption key is enciphered using a secret key and a management key, respectively. Accordingly, even if the ciphertext data and the data encryption key for deciphering the ciphertext data are stored in one storage medium, it is possible to maintain high security.

An operator who has enciphered plaintext data can have a secret key. When the secret key is formed on the basis of data inputted by the operator, the operator (the creator of ciphertext data) can use the inputted data as a secret key because he or she reasonably knows the inputted data. When the secret key is formed on the basis of encryption of the inputted data or counting, the formed secret key is stored in a storage medium (for example, a floppy disk). Alternatively, when the secret key is previously stored in a storage medium, the operator has the storage medium. Consequently, the operator can decipher the ciphertext data using the secret key in the storage medium.

A manager who manages ciphertext data can have a management key. When the management key is formed on the basis of data previously fed to the device, the manager can reasonably form the management key on the basis of the data at the time of decryption. When the management key is formed on the basis of encryption of inputted data or counting, the formed management key is stored in a storage medium (for example, a floppy disk). Alternatively, when the management key is previously stored in the storage medium, the manager has the storage medium. Consequently, the manager can decipher the ciphertext data using the management key in the storage medium.

Preferably, the data encryption key forming means generates a first pseudo-random number and a second pseudo-random number, and enciphers the generated first pseudo-random number using the second pseudo-random number as a key to form a data encryption key. Since the data encryption key is formed by further enciphering the pseudo-random number, the data encryption key can be random data, whereby it can be difficult for a third person to presume the key.

In one embodiment of the present invention, the enciphering/deciphering device comprises second storage controlling means for storing the management key formed by the management key forming means in a second storage medium. Examples of the second storage medium include various storage media such as a hard disk, a floppy disk, an IC card, a magnetic card, an optical card, and a transmission buffer. When the second storage medium is a portable medium such as a floppy disk or an IC card, the second storage medium is handed over to a manager, whereby the manager can decipher ciphertext data using a management key stored in the handed medium. By previously distributing the medium storing the management key to the manager, the creator and the manager need not know the contents of the management key and are released from trouble in managing a correspondence between the ciphertext data and the key.

There is preferably provided eliminating means for erasing the first enciphered key or the second enciphered key from the first storage medium. In a case where a creator who creates ciphertext data manages a secret key and a manager who manages ciphertext data manages a management key, the manager eliminates the first enciphered key so that the creator becomes incapable of deciphering the ciphertext data. Consequently, plaintext data obtained by the decryption can be prevented from being known by a third person due to carelessness of the creator, whereby the manager can intensively manage the secrecy of the ciphertext data. By eliminating the second enciphered key, the manager also becomes incapable of deciphering the ciphertext data. In a case where a new person takes the place of the manager, for example, therefore, it is possible to prevent the ciphertext data from being decrypted by a person who has been a manager in the past.

In one embodiment of the present invention, in the enciphering/deciphering device, the management key forming means forms a plurality of management keys. The enciphering/deciphering device comprises selecting means for selecting one of the plurality of management keys formed by the management key forming means. The second key enciphering means enciphers the data encryption key using the management key selected by the selecting means. A creator of ciphertext can select one of the plurality of management keys formed by the management key forming means using the selecting means. The data encryption key is enciphered using the selected management key, to form a second enciphered key. When a plurality of managers respectively have different management keys, the creator of ciphertext can encipher plaintext data by selecting the management key which the manager who manages the ciphertext has.

In a preferred embodiment, there are provided first key deciphering means for deciphering the first enciphered key stored in the first storage medium using the secret key to form a data encryption key, data deciphering means for deciphering the ciphertext data stored in the first storage medium using the data encryption key formed by the first key deciphering means to form plaintext data, and third storage controlling means for storing the plaintext data formed by the data deciphering means in a third storage medium. The first enciphered key is deciphered using the secret key, to form a data encryption key. The ciphertext data is deciphered using the data encryption key, to form plaintext data. The formed plaintext data is stored in the third storage medium. When a creator of ciphertext who has the secret key desires to confirm the contents of the ciphertext data, for example, the creator can decipher the ciphertext to form plaintext.

In another preferred embodiment, there are provided second key deciphering means for deciphering the second enciphered key stored in the first storage medium using the management key to form a data encryption key, data deciphering means for deciphering the ciphertext data stored in the first storage medium using the data encryption key formed by the second key deciphering means to form plaintext data, and third storage controlling means for storing the plaintext data formed by the data deciphering means in a third storage medium. The second enciphered key is deciphered using the management key, to form a data encryption key. The ciphertext data is deciphered using the data encryption key, to form plaintext data. The formed plaintext data is stored in the third storage medium. Consequently, a manager of ciphertext who has the management key can decipher the ciphertext data to form plaintext data and know the contents thereof.
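The whole first-invention flow, as an added worked example that is not the patent's own code: the automatically formed data encryption key (file key) enciphers the plaintext, the file key is wrapped once under the creator's secret key and once under the manager's management key, and the eliminating means erases either wrapped key so that the corresponding holder can no longer decipher. The cipher is an assumed stand-in (HMAC-SHA256 keystream plus an HMAC tag, stdlib only) for the DES/FEAL the text names; all function and field names are this example's own.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

# Illustrative symmetric cipher standing in for the DES/FEAL the text names:
# HMAC-SHA256 in counter mode supplies the keystream, and an HMAC tag over the
# result lets a wrong key or an altered blob be detected instead of yielding
# garbage. Constructed for this example only; not a standardised cipher.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encipher(key: bytes, data: bytes) -> bytes:
    """Return nonce || body || tag (encrypt-then-MAC)."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decipher(key: bytes, blob: bytes) -> bytes:
    """Inverse of encipher; raises ValueError on a wrong key or an altered blob."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("decryption failed: wrong key or corrupted data")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def form_data_encryption_key() -> bytes:
    """Data encryption key forming means (the preferred method in the text):
    encipher a first pseudo-random number using a second pseudo-random number
    as the key, then reduce the result to a fixed 32-byte key for the cipher."""
    first, second = secrets.token_bytes(32), secrets.token_bytes(32)
    return hashlib.sha256(encipher(second, first)).digest()

@dataclass
class EncipheredFile:
    """The enciphered file: ciphertext plus two wrapped copies of the file key."""
    ciphertext: bytes                   # plaintext under the file key
    enciphered_key_1: Optional[bytes]   # file key under the creator's secret key
    enciphered_key_2: Optional[bytes]   # file key under the manager's management key

def make_enciphered_file(plaintext: bytes, secret_key: bytes,
                         management_key: bytes) -> EncipheredFile:
    """Encryption side: the file key is formed automatically, so the creator
    never types it or sees it; only the two wrapped copies are stored."""
    file_key = form_data_encryption_key()
    return EncipheredFile(
        ciphertext=encipher(file_key, plaintext),
        enciphered_key_1=encipher(secret_key, file_key),
        enciphered_key_2=encipher(management_key, file_key),
    )

def decipher_as_creator(f: EncipheredFile, secret_key: bytes) -> bytes:
    """First key deciphering means: unwrap with the secret key, then decrypt."""
    if f.enciphered_key_1 is None:
        raise PermissionError("enciphered key 1 has been eliminated")
    return decipher(decipher(secret_key, f.enciphered_key_1), f.ciphertext)

def decipher_as_manager(f: EncipheredFile, management_key: bytes) -> bytes:
    """Second key deciphering means: unwrap with the management key, then decrypt."""
    if f.enciphered_key_2 is None:
        raise PermissionError("enciphered key 2 has been eliminated")
    return decipher(decipher(management_key, f.enciphered_key_2), f.ciphertext)

def eliminate_key(f: EncipheredFile, which: int) -> None:
    """Eliminating means: erasing wrapped key 1 locks out the creator, erasing
    wrapped key 2 locks out the (former) manager; the ciphertext is untouched."""
    if which not in (1, 2):
        raise ValueError("which must be 1 or 2")
    if which == 1:
        f.enciphered_key_1 = None
    else:
        f.enciphered_key_2 = None

def can_read(f: EncipheredFile, key: bytes, as_manager: bool) -> bool:
    """True if the holder of `key` can still recover the plaintext from `f`."""
    try:
        (decipher_as_manager if as_manager else decipher_as_creator)(f, key)
        return True
    except (PermissionError, ValueError):
        return False
```

Because the file key is never stored in the clear, erasing one wrapped copy is sufficient to revoke that holder without re-enciphering the data.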

Examples of the third storage medium include an internal memory (for example, a RAM) in a computer, a hard disk, a floppy disk, an IC card, a magnetic card, an optical card, and a transmission buffer.

An enciphering/deciphering device according to the second invention comprises reading means for reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data and the first enciphered key, secret key entering means for entering a secret key used for deciphering the first enciphered key read out by the reading means, key deciphering means for deciphering the first enciphered key using the secret key entered by the secret key entering means to form a data decryption key, data deciphering means for deciphering the ciphertext data using the data decryption key formed by the key deciphering means to form plaintext data, and storage controlling means for storing the plaintext data formed by the data deciphering means in a second storage medium.

An enciphering/deciphering method according to the second invention comprises the steps of reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data and the first enciphered key, deciphering the first enciphered key using an entered secret key to form a data decryption key, deciphering the ciphertext data using the formed data decryption key to form plaintext data, and storing the formed plaintext data in a second storage medium.

Examples of the first and second storage media include various media such as an internal memory (for example, a RAM) in a computer, a transmission buffer, a magnetic disk, an optical disk, a floppy disk, an IC card, a memory card, and an optical card.

Examples of the secret key entering means include a keyboard or a pointing device for entering a secret key, and a device for reading a secret key from a storage medium (a floppy disk, an IC card, a magnetic card, an optical card, etc.). When the secret key is entered from the keyboard or the like, the same key as the secret key formed when the plaintext data is enciphered in the enciphering/deciphering device according to the first invention will be entered. The same key as the secret key formed when the plaintext data is enciphered is stored in the storage medium. The secret key may be individually stored. When the ciphertext data is stored as a file, the secret key may be stored in such a form as to have a correspondence with the name of the file.

The first enciphered key stored in the first storage medium is deciphered using the entered secret key, to form a data encryption key. The ciphertext data stored in the first storage medium is deciphered using the data encryption key, to form plaintext data. The formed plaintext data is stored in the second storage medium. According to the present invention, a person who has a secret key, that is, the above-mentioned creator of ciphertext can decipher the ciphertext data to form plaintext data. Consequently, the creator can know the contents of the ciphertext data when required.

There is preferably provided eliminating means for erasing the first enciphered key or the second enciphered key from the first storage medium. Consequently, the creator of ciphertext becomes incapable of deciphering the ciphertext data, whereby a person who has a management key, that is, the above-mentioned manager of ciphertext can intensively manage the secrecy of the ciphertext data. By eliminating the second enciphered key, the manager also becomes incapable of deciphering the ciphertext data. In a case where a new person takes the place of the manager, for example, therefore, it is possible to prevent the ciphertext data from being deciphered by a person who has been a manager in the past.

An enciphering/deciphering device according to the third invention comprises reading means for reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data and the second enciphered key, management key entering means for entering a management key used for deciphering the second enciphered key read out by the reading means, key deciphering means for deciphering the second enciphered key using the management key entered by the management key entering means to form a data decryption key, data deciphering means for deciphering the ciphertext data using a data decryption key formed by the key deciphering means to form plaintext data, and storage controlling means for storing the plaintext data formed by the data deciphering means in a second storage medium.

An enciphering/deciphering method according to the third invention comprises the steps of reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data and the second enciphered key, deciphering the second enciphered key using an entered management key to form a data decryption key, deciphering the ciphertext data using the formed data decryption key to generate plaintext data, and storing the formed plaintext data in a second storage medium.

Examples of the first and second storage media include various media such as an internal memory (for example, a RAM) in a computer, a transmission buffer, a magnetic disk, an optical disk, a floppy disk, an IC card, a memory card, and an optical card.

Examples of the management key entering means include a device for reading a management key from a storage medium. Examples of the storage medium include a floppy disk, an IC card, a magnetic card, an optical card, and a buffer for receiving transmitted data. The same key as the management key formed by the above-mentioned enciphering/deciphering device for enciphering plaintext is stored in the storage medium. The management key may be individually stored or may be stored in such a form as to have a correspondence with ciphertext data (for example, in such a form as to have a correspondence with the file name of ciphertext data).

The second enciphered key stored in the first storage medium is deciphered using the entered management key, to form a data encryption key. The ciphertext data stored in the first storing means is deciphered using the data encryption key, to form plaintext data. The formed plaintext data is stored in the second storing means. According to the present embodiment, a person who has a management key, that is, the above-mentioned manager of ciphertext can decipher the ciphertext data to form plaintext data. Consequently, the manager can know the contents of the ciphertext data when required.

There is preferably provided eliminating means for erasing the first enciphered key or the second enciphered key from the first storage medium. Consequently, a person who has a secret key, that is, the above-mentioned creator of ciphertext becomes incapable of deciphering the ciphertext data, whereby the manager of ciphertext can intensively manage the secrecy of the ciphertext data. By eliminating the second enciphered key, the manager also becomes incapable of deciphering the ciphertext data. In a case where a new person takes the place of the manager, for example, therefore, it is possible to prevent the ciphertext data from being deciphered by a person who has been a manager in the past.

An encryption/decryption communication system according to the fourth invention is an encryption/decryption communication system in which a plurality of enciphering/deciphering devices are connected to each other through communicating means. The enciphering/deciphering device comprises data encryption key forming means for generating a data encryption key used for enciphering plaintext data, management key forming means for forming a management key used for enciphering the data encryption key formed by the data encryption key forming means, data enciphering means for enciphering the plaintext data using the data encryption key to form ciphertext data, key enciphering means for enciphering the data encryption key using the management key to form an enciphered key, and first transmitting means for transmitting the ciphertext data and the enciphered key.

The formation of the data encryption key by the data encryption key forming means and the formation of the management key by the management key forming means are performed by the same processing as that in the above-mentioned first invention. A plurality of different management keys can be also formed. In this case, the data encryption key is enciphered using the management key selected from the plurality of management keys.

The data encryption key for enciphering plaintext data is automatically formed. Plaintext data is enciphered using the formed data encryption key, to form ciphertext data. Further, a management key for enciphering the data encryption key is formed. The data encryption key is enciphered using the formed management key, to form an enciphered key. The ciphertext data and the enciphered key are transmitted by the first transmitting means. According to the present invention, the ciphertext data and the enciphered key formed by the enciphering/deciphering device can be transmitted through the communicating means. Since both the ciphertext data and a data encryption key for deciphering the ciphertext data are transmitted, the management of a correspondence therebetween is easy. Further, the data encryption key is enciphered using the management key. Even if both the ciphertext data and the data encryption key for deciphering the ciphertext data are transmitted, therefore, it is possible to maintain high security.

The enciphering/deciphering device preferably comprises first receiving means for receiving the ciphertext data and the enciphered key transmitted by the first transmitting means, management key entering means for entering a management key used for deciphering the enciphered key received by the first receiving means, key deciphering means for deciphering the enciphered key received by the first receiving means using the management key entered by the management key entering means to form a data encryption key, data deciphering means for deciphering the ciphertext data received by the first receiving means using the data encryption key formed by the key deciphering means to form plaintext data, and storage controlling means for storing the plaintext data formed by the data deciphering means in a first storage medium.

The management key entered by the management key entering means is the same as that used for enciphering the data encryption key when the plaintext data is enciphered in the enciphering/deciphering device on the transmission side. Examples of the entry of the management key by the management key entering means include entry of the management key from the second storage medium externally given (a floppy disk, an IC card, a magnetic card, an optical card, etc.). In this case, the management key entering means is realized by means for reading out the management key from the second storage medium. The management key transmitted from the enciphering/deciphering device on the transmission side may, in some cases, be previously stored in the second storage medium. A receiving person may enter a management key previously distributed by mail or the like using a keyboard or the like, or may read out a management key stored in an internal memory (a ROM, an internal disk, etc.) in the device. Further, it is also possible to encipher the inputted data using a particular key and use the enciphered data as a management key.

A plurality of different management keys can be also entered. When each of the management keys and each of a plurality of devices on the transmission side correspond to each other, the management key corresponding to the device on the transmission side which has transmitted data is selected and is used for decryption. The selection may be carried out by an operator. Alternatively, when the management key is entered (stored) by establishing a correspondence with an identification code of the device on the transmission side, the management key corresponding to the identification code of the device on the transmission side and included in the transmitted data may be also selected by the selecting means. Data indicating which management key should be used can be also transmitted to the device on the receiving side by the device on the transmission side. In the device on the receiving side, the management key is selected by the operator or the selecting means in accordance with the data, and is used for decryption.

Examples of the first storage medium include an internal memory (for example, a RAM) and an internal disk storage device in the enciphering/deciphering device, or a floppy disk, an IC card, an optical card, and a magnetic card. The first storage medium and the second storage medium may be the same.

The ciphertext data and the enciphered key transmitted by the first transmitting means in the enciphering/deciphering device on the transmission side are received by the first receiving means in the enciphering/deciphering device on the receiving side. On the receiving side, the received enciphered key is deciphered using the management key entered by the management key entering means, to obtain a data encryption key. The received ciphertext data is deciphered using the data encryption key, to obtain plaintext data. According to the present invention, the ciphertext data received through the communicating means can be deciphered in the device on the receiving side, and the receiving person can know the contents of the ciphertext data. Since both the ciphertext data and the data encryption key (which is enciphered as an enciphered key using the management key) are received, the management of a correspondence therebetween is easy.

In one embodiment, there is provided second transmitting means fortransmitting the management key formed by the management key formingmeans. In this embodiment, the management key is transmitted by thesecond transmitting means. A device to which the management key is to betransmitted is an enciphering/deciphering device to which the ciphertextdata and the enciphered key are to be transmitted. The management key istransmitted to the enciphering/deciphering device which has received theciphertext data, whereby the ciphertext data can be deciphered in thedevice on the receiving side. The management key is transmitted insecret to the device to which the ciphertext data is to be transmitted.Accordingly, even if a third person monitors ciphertext, it is possibleto prevent the contents of the ciphertext data from being known by thethird person.

The enciphering/deciphering device comprises second receiving means forreceiving the management key transmitted by the second transmittingmeans, first receiving means for receiving the ciphertext data and theenciphered key transmitted by the first transmitting means, keydeciphering means for deciphering the enciphered key received by thefirst receiving means using the management key received by the secondreceiving means to form a data encryption key, data deciphering meansfor deciphering the ciphertext data received by the first receivingmeans using the data encryption key formed by the key deciphering meansto form plaintext data, and storage controlling means for storing theplaintext data generated by the data deciphering means in a firststorage medium.

The management key is received through the communicating means in theenciphering/deciphering device on the receiving side. On the receivingside, the received enciphered key is deciphered using the receivedmanagement key, to obtain a data encryption key. The received ciphertextdata is deciphered using the data encryption key, to obtain plaintextdata. The plaintext data is stored in the first storage medium. In adevice which has received the management key, it is possible to decipherthe ciphertext data and know the contents thereof.

As a preferred embodiment in the fourth invention, there is anencryption/decryption communication system transmitting or receiving anenciphered authenticator. As a first mode, the enciphering/decipheringdevice comprises authenticator forming means for forming a firstauthenticator for confirming whether or not transmitted data iscorrectly received, first authenticator enciphering means forenciphering the first authenticator using the data encryption key toform a first enciphered authenticator, the above-mentioned firsttransmitting means for transmitting the ciphertext data, the encipheredkey and the first enciphered authenticator, authenticator receivingmeans for receiving a second enciphered authenticator transmitted fromthe enciphering/deciphering device which has received the ciphertextdata, the enciphered key and the first enciphered authenticatortransmitted by the first transmitting means, and first authenticatordeciphering means for deciphering the second enciphered authenticatorusing the management key to form a second authenticator.

Furthermore, in the first mode, the enciphering/deciphering devicecomprises first receiving means for receiving the ciphertext data, theenciphered key and the first enciphered authenticator transmitted by thefirst transmitting means, management key entering means for entering amanagement key used for deciphering the enciphered key received by thefirst receiving means, key deciphering means for deciphering theenciphered key received by the first receiving means using themanagement key entered by the management key entering means to form adata encryption key, data deciphering means for deciphering theciphertext data received by the first receiving means using the dataencryption key formed by the key deciphering means to form plaintextdata, storage controlling means for storing the plaintext data formed bythe data deciphering means in a first storage medium, secondauthenticator deciphering means for deciphering the first encipheredauthenticator received by the first receiving means using the dataencryption key formed by the key deciphering means to form a firstauthenticator, second authenticator enciphering means for encipheringthe first authenticator formed by the second authenticator decipheringmeans using the management key to form a second encipheredauthenticator, and returning means for returning the second encipheredauthenticator to the enciphering/deciphering device on the transmissionside.

The formation of the authenticator by the authenticator forming means isperformed by the same processing as the formation of the key by thesecret key forming means in the first invention. The entry of themanagement key by the management key entering means is also performed inthe above-mentioned manner.

The formed first authenticator is enciphered using the data encryptionkey, to form a first enciphered authenticator. The first encipheredauthenticator, together with the ciphertext data and the enciphered key,is transmitted to the enciphering/deciphering device on the receivingside by the first transmitting means.

The device on the receiving side receives the ciphertext data, theenciphered key and the first enciphered authenticator by the firstreceiving means. The enciphered key is deciphered using the managementkey entered by the management key entering means, to obtain a dataencryption key. The entered management key is the same as that used forenciphering the data encryption key in the device on the transmissionside. The ciphertext data and the first enciphered authenticator aredeciphered using the data encryption key. The first authenticator formedby deciphering the first enciphered authenticator is enciphered usingthe management key, to form a second enciphered authenticator. Thesecond enciphered authenticator is returned to the device on thetransmission side.

The second enciphered authenticator is received by the device on thetransmission side. On the transmission side, the received secondenciphered authenticator is deciphered using the management key, toobtain a second authenticator.

The first authenticator is enciphered using the data encryption key andthe management key, respectively, and is transmitted (or returned). Evenif a third person monitors the first or second enciphered authenticator,therefore, he or she cannot know the contents thereof. If a fair deviceon the receiving side receives the first enciphered authenticatortransmitted by the device on the transmission side, the secondauthenticator obtained by deciphering the second encipheredauthenticator returned from the device on the receiving side should bethe same as the first authenticator. According to the present invention,therefore, the device on the transmission side can confirm whether ornot transmitted data is received by the fair device on the receivingside by examining whether or not the first authenticator and the secondauthenticator are the same. This makes it is possible to prevent suchunfair authentication that a device other than the fair receiving device(receiving person) which has received data returns an authenticator,pretending to be a correct receiving person.

As a second mode, the enciphering/deciphering device comprises second transmitting means for transmitting the management key formed by the management key forming means. The enciphering/deciphering device comprises second receiving means for receiving the management key transmitted by the second transmitting means, first receiving means for receiving the ciphertext data, the enciphered key and the first enciphered authenticator transmitted by the first transmitting means, key deciphering means for deciphering the enciphered key received by the first receiving means using the management key received by the second receiving means to form a data encryption key, data deciphering means for deciphering the ciphertext data received by the first receiving means using the data encryption key formed by the key deciphering means to form plaintext data, storage controlling means for storing the plaintext data formed by the data deciphering means in a storage medium, second authenticator deciphering means for deciphering the first enciphered authenticator received by the first receiving means using the data encryption key formed by the key deciphering means to form a first authenticator, second authenticator enciphering means for enciphering the first authenticator formed by the second authenticator deciphering means using the management key to form a second enciphered authenticator, and returning means for returning the second enciphered authenticator to the enciphering/deciphering device on the transmission side.

In the second mode, the management key is transmitted from the device on the transmission side to the device on the receiving side. In the device on the receiving side, the enciphered key is deciphered using the received management key, to form a data encryption key. Processing such as the decryption of the ciphertext data and the first enciphered authenticator and the return of the second enciphered authenticator from the device on the receiving side to the device on the transmission side is performed in the same manner as that in the above-mentioned first mode.

As a third mode, the enciphering/deciphering device comprises authenticator forming means for forming a first authenticator for confirming whether or not transmitted data is correctly received, first authenticator enciphering means for enciphering the first authenticator using the management key to form a first enciphered authenticator, the first transmitting means for transmitting the ciphertext data, the enciphered key and the first enciphered authenticator, authenticator receiving means for receiving a second enciphered authenticator transmitted from the enciphering/deciphering device which has received the ciphertext data, the enciphered key and the first enciphered authenticator transmitted by the first transmitting means, and first authenticator deciphering means for deciphering the second enciphered authenticator using the data encryption key to form a second authenticator.

Furthermore, in the third mode, the enciphering/deciphering device comprises first receiving means for receiving the ciphertext data, the enciphered key and the first enciphered authenticator transmitted by the first transmitting means, management key entering means for entering a management key used for deciphering the enciphered key received by the first receiving means, key deciphering means for deciphering the enciphered key received by the first receiving means using the management key entered by the management key entering means to form a data encryption key, data deciphering means for deciphering the ciphertext data received by the first receiving means using the data encryption key generated by the key deciphering means to form plaintext data, storage controlling means for storing the plaintext data formed by the data deciphering means in a first storage medium, second authenticator deciphering means for deciphering the first enciphered authenticator received by the first receiving means using the management key to form a first authenticator, second authenticator enciphering means for enciphering the first authenticator formed by the second authenticator deciphering means using the data encryption key to form a second enciphered authenticator, and returning means for returning the second enciphered authenticator to the enciphering/deciphering device on the transmission side.

The formation of the authenticator by the authenticator forming means and the entry of the management key by the management key entering means are performed in the same manner as that in the above-mentioned first mode.

In the third mode, on the transmission side, the first authenticator is enciphered using the management key, to form a first enciphered authenticator. On the receiving side, the first enciphered authenticator is deciphered using the management key, to obtain a first authenticator. The first authenticator is enciphered using the data encryption key, to form a second enciphered authenticator. In the device on the transmission side, the returned second enciphered authenticator is deciphered using the data encryption key, to form a second authenticator. The other processing is performed in the same manner as that in the above-mentioned first mode.

Also in the third mode, it is possible to prevent such unfair authentication that a device other than the fair receiving device (receiving person) which has received data returns an authenticator, pretending to be a correct receiving person.

As a fourth mode, the enciphering/deciphering device comprises second transmitting means for transmitting the management key formed by the management key forming means. The enciphering/deciphering device further comprises second receiving means for receiving the management key transmitted by the second transmitting means, first receiving means for receiving the ciphertext data, the enciphered key and the first enciphered authenticator transmitted by the first transmitting means, key deciphering means for deciphering the enciphered key received by the first receiving means using the management key received by the second receiving means to form a data encryption key, data deciphering means for deciphering the ciphertext data received by the first receiving means using the data encryption key formed by the key deciphering means to form plaintext data, storage controlling means for storing the plaintext data formed by the data deciphering means in a storage medium, second authenticator deciphering means for deciphering the first enciphered authenticator received by the first receiving means using the management key to form a first authenticator, second authenticator enciphering means for enciphering the first authenticator formed by the second authenticator deciphering means using the data encryption key to form a second enciphered authenticator, and returning means for returning the second enciphered authenticator to the enciphering/deciphering device on the transmission side.

Also in the fourth mode, on the transmission side, the first authenticator is enciphered using the management key, to form a first enciphered authenticator. On the receiving side, the first enciphered authenticator is deciphered using the management key, to obtain a first authenticator. The first authenticator is enciphered using the data encryption key, to form a second enciphered authenticator. In the device on the transmission side, the returned second enciphered authenticator is deciphered using the data encryption key, to form a second authenticator. The other processing is performed in the same manner as that in the above-mentioned second mode.
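The following Go program is an added worked example and is not part of the patent or of any product it describes. It carries the authenticator exchanges of the first to fourth modes described above through to running code: the transmission side wraps the plaintext under a fresh data encryption key and that key under the management key, the receiving side recovers both, and the first authenticator travels out under one key and back under the other. The same Receive path is the plain receive processing of the first and second receiving means that the fifth and sixth inventions described below rely on. The patent names no cipher and no data format, so AES-256-GCM, a 32-byte random authenticator and all type and function names (Mode1, Mode3, Transmit, Receive, Verify) are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/subtle"
	"errors"
)

// Mode 1 sends the first authenticator under the data encryption key and gets the
// second back under the management key; mode 3 swaps the two keys. Modes 2 and 4
// are the same exchanges with the management key delivered over the link.
type Mode int

const Mode1, Mode3 Mode = 1, 3

// authKeys returns the key for the outgoing and for the returned authenticator.
func authKeys(mode Mode, dek, mk []byte) (out, back []byte) {
	if mode == Mode3 {
		return mk, dek
	}
	return dek, mk
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// AES-256-GCM is an assumption; the patent names no cipher. seal prepends the
// random nonce; open fails if the key is wrong or the data was altered.
func gcm(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // keys are always 32 random bytes, so this cannot happen
	}
	aead, _ := cipher.NewGCM(block) // only fails for non-16-byte block sizes
	return aead
}

func seal(key, msg []byte) []byte {
	aead := gcm(key)
	nonce := randomBytes(aead.NonceSize())
	return append(nonce, aead.Seal(nil, nonce, msg, nil)...)
}

func open(key, sealed []byte) ([]byte, error) {
	aead := gcm(key)
	if n := aead.NonceSize(); len(sealed) >= n {
		return aead.Open(nil, sealed[:n], sealed[n:], nil)
	}
	return nil, errors.New("sealed data too short")
}

// Transmission is what the first transmitting means sends.
type Transmission struct{ Ciphertext, EncipheredKey, EncAuth1 []byte }

// Transmit (transmission side, management key mk): plaintext under a fresh data
// encryption key, that key under mk, a fresh random first authenticator under the
// mode's outgoing key. dek and auth1 stay with the sender for Verify.
func Transmit(mk, plaintext []byte, mode Mode) (t Transmission, dek, auth1 []byte) {
	dek, auth1 = randomBytes(32), randomBytes(32)
	out, _ := authKeys(mode, dek, mk)
	return Transmission{seal(dek, plaintext), seal(mk, dek), seal(out, auth1)}, dek, auth1
}

// Receive (receiving side, management key mk) recovers the data encryption key,
// deciphers ciphertext and first authenticator, and re-enciphers it for the return.
func Receive(mk []byte, t Transmission, mode Mode) (plaintext, encAuth2 []byte, err error) {
	dek, err := open(mk, t.EncipheredKey) // fails without the right management key
	if err != nil {
		return nil, nil, err
	}
	if plaintext, err = open(dek, t.Ciphertext); err != nil {
		return nil, nil, err
	}
	in, back := authKeys(mode, dek, mk)
	auth1, err := open(in, t.EncAuth1)
	if err != nil {
		return nil, nil, err
	}
	return plaintext, seal(back, auth1), nil
}

// Verify (transmission side) accepts only if the second authenticator equals the first.
func Verify(mk, dek, auth1, encAuth2 []byte, mode Mode) bool {
	_, back := authKeys(mode, dek, mk)
	auth2, err := open(back, encAuth2)
	return err == nil && subtle.ConstantTimeCompare(auth2, auth1) == 1
}
```

A fair exchange is Transmit on one side, Receive on the other, and Verify on the first side with the returned second enciphered authenticator. Receive fails already at the enciphered key when the management key is wrong, so a device that is not the fair receiver recovers neither the data encryption key nor the first authenticator, and any second enciphered authenticator it fabricates is rejected by Verify. Because the returned authenticator travels under a different key from the outgoing one, simply reflecting the first enciphered authenticator back does not pass either. Modes 2 and 4 differ only in how the management key reaches the receiving side, so the same code applies once that key has been received.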

Also in the encryption/decryption communication system, when the management key entered by the management key entering means is stored in an externally supplied storage medium, there is preferably provided eliminating means for erasing the management key from that storage medium.

An encryption/decryption communication system according to a fifth invention is a system in which a plurality of enciphering/deciphering devices are connected to each other through communicating means, wherein the enciphering/deciphering device comprises first storage controlling means for storing a management key previously distributed in a first storage medium, receiving means for receiving ciphertext data and an enciphered key transmitted, key deciphering means for deciphering the enciphered key received by the receiving means using the management key stored in the first storage medium to form a data encryption key, data deciphering means for deciphering the ciphertext data received by the receiving means using the data encryption key formed by the key deciphering means to form plaintext data, and second storage controlling means for storing the plaintext data formed by the data deciphering means in a second storage medium.

The entry of the management key by the management key entering means is performed in the same manner as that in the above-mentioned fourth invention. The management key is the same as that used for enciphering the data encryption key when the plaintext data was enciphered in the device on the transmission side. When the management key is entered from the second storage medium externally given, there is preferably provided eliminating means for erasing the management key from the second storage medium.

Examples of the first storage medium include an internal memory (for example, a RAM) and an internal disk storage in the enciphering/deciphering device, or a floppy disk, an IC card, an optical card, a magnetic card, and a transmission buffer.

According to the fifth invention, the ciphertext data and the enciphered key transmitted from the enciphering/deciphering device on the transmission side are received by the enciphering/deciphering device on the receiving side. The enciphered key is deciphered using the management key entered by the management key entering means, to obtain a data encryption key. The ciphertext data is deciphered using the data encryption key, to obtain plaintext data. The plaintext data is stored in the first storage medium. According to the present invention, in the enciphering/deciphering device which has received the ciphertext data and the enciphered key, the ciphertext data can be deciphered, and a receiving person can know the contents thereof. Since both the ciphertext data and the data encryption key (which is enciphered as an enciphered key) are received together, the management of the correspondence between them becomes easy. Even though the ciphertext data and the data encryption key are transmitted and received together, the data encryption key has been enciphered, so that high security is obtained.

An encryption/decryption communication system according to a sixth invention is a system in which a plurality of enciphering/deciphering devices are connected to each other through communicating means, wherein the enciphering/deciphering device comprises first receiving means for receiving ciphertext data and an enciphered key transmitted, second receiving means for receiving a transmitted management key, key deciphering means for deciphering the enciphered key received by the first receiving means using the management key received by the second receiving means to form a data encryption key, data deciphering means for deciphering the ciphertext data received by the first receiving means using the data encryption key formed by the key deciphering means to form plaintext data, and storing means for storing the plaintext data formed by the data deciphering means in a storage medium.

Examples of the storage medium include a RAM and an internal disk storage in the enciphering/deciphering device, or a floppy disk, an IC card, an optical card, a magnetic card, and a transmission buffer.

The management key transmitted from the enciphering/deciphering device on the transmission side is received by the enciphering/deciphering device on the receiving side. The management key is the same as the management key used for enciphering the data encryption key when the device on the transmission side enciphers the plaintext data. The ciphertext data and the enciphered key transmitted from the enciphering/deciphering device on the transmission side are received. The enciphered key is deciphered using the received management key, to obtain a data encryption key. The ciphertext data is deciphered using the data encryption key, to obtain plaintext data. The plaintext data is stored in the storage medium. According to the present invention, in the enciphering/deciphering device which has received the ciphertext data and the enciphered key, it is possible to decipher the ciphertext data using the management key sent from the device on the transmission side, and to know the contents thereof. Since both the ciphertext data and the data encryption key (which is enciphered as an enciphered key) are received together, the management of the correspondence between them becomes easy. Further, even though the ciphertext data and the data encryption key are transmitted and received together, high security is obtained because the management key was previously transmitted and received in secret and the data encryption key is enciphered.

An enciphering/deciphering device according to the seventh invention is an enciphering/deciphering device using operation storage media each storing inherent supervisor identification data and inherent operation identification data and a supervisor storage medium storing the supervisor identification data, which is characterized by comprising data encryption key forming means for forming a data encryption key used for enciphering plaintext data, secret key forming means for forming a secret key used for enciphering the data encryption key formed by the data encryption key forming means, management key forming means for forming a management key used for enciphering the data encryption key formed by the data encryption key forming means, first storage controlling means for storing in the operation storage medium the secret key formed by the secret key forming means and the management key formed by the management key forming means, and second storage controlling means for storing the management key formed by the management key forming means in the supervisor storage medium.

An enciphering/deciphering method according to the seventh invention is an enciphering/deciphering method using operation storage media each storing inherent supervisor identification data and inherent operation identification data and a supervisor storage medium storing inherent supervisor identification data, which is characterized by comprising the steps of forming a data encryption key used for enciphering plaintext data, forming a secret key used for enciphering the formed data encryption key, forming a management key used for enciphering the formed data encryption key, storing in the operation storage medium the formed secret key and the formed management key, and storing the formed management key in the supervisor storage medium.

According to the seventh invention, the secret key and the management key are stored in the operation storage medium, and the management key is also stored in the supervisor storage medium for managing the operation storage media. All the management keys stored in the plurality of operation storage media are stored in the supervisor storage medium. The supervisor storage medium and the operation storage media constitute one closed encryption/decryption system.

The data encryption key can be enciphered using the management key and the secret key.

In the seventh invention, there are preferably provided data enciphering means for enciphering the plaintext data using the data encryption key to form ciphertext data, first key enciphering means for enciphering the data encryption key using the secret key formed by the secret key forming means to form a first enciphered key, second key enciphering means for enciphering the data encryption key using the management key formed by the management key forming means to form a second enciphered key, and third storage controlling means for storing in a first storage medium the ciphertext data, the first enciphered key and the second enciphered key.

Consequently, the first enciphered key and the second enciphered key, together with the ciphertext data, are stored in the first storage medium. When the ciphertext data is to be deciphered, therefore, the first enciphered key or the second enciphered key stored in the first storage medium is read out. The data encryption key is deciphered from the first enciphered key using the secret key, or from the second enciphered key using the management key, and the ciphertext data is deciphered using the deciphered data encryption key. Either enciphered key alone suffices: the holder of the secret key and the holder of the management key can each recover the data encryption key independently.

The ciphertext data can be deciphered not only by reading out the secret key or the management key from the operation storage medium but also by reading out the management key from the supervisor storage medium. Consequently, each operation storage medium can be handed over to a worker, for example, who uses it to encipher plaintext data and to decipher his or her own ciphertext data, while the supervisor storage medium is handed over to a manager, for example, who can decipher the ciphertext data by reading out the management key from the supervisor storage medium. The use of the supervisor storage medium thus makes it possible to decipher the ciphertext data formed by each of the workers.

An enciphering/deciphering device according to the eighth invention is an enciphering/deciphering device using operation storage media each storing inherent supervisor identification data and inherent operation identification data and a supervisor storage medium storing the supervisor identification data, which is characterized by comprising data encryption key forming means for forming a data encryption key used for enciphering plaintext data, secret key forming means for forming a secret key used for enciphering the data encryption key formed by the data encryption key forming means, management key forming means for forming a management key used for enciphering the data encryption key formed by the data encryption key forming means, first storage controlling means for storing in the operation storage medium the secret key formed by the secret key forming means and the management key formed by the management key forming means, second storage controlling means for storing in the supervisor storage medium the management key formed by the management key forming means, data enciphering means for enciphering the plaintext data using the data encryption key to form ciphertext data, first key enciphering means for enciphering the data encryption key using the secret key formed by the secret key forming means to form a first enciphered key, second key enciphering means for enciphering the data encryption key using the management key formed by the management key forming means to form a second enciphered key, and third storage controlling means for storing in a first storage medium the ciphertext data, the first enciphered key and the second enciphered key.

An enciphering/deciphering method according to the eighth invention is an enciphering/deciphering method using operation storage media each storing inherent operation identification data and a supervisor storage medium storing inherent supervisor identification data, which is characterized by comprising the steps of forming a data encryption key used for enciphering plaintext data, forming a secret key used for enciphering the formed data encryption key, forming a management key used for enciphering the formed data encryption key, storing in the operation storage medium the formed secret key and the formed management key, storing the formed management key in the supervisor storage medium, enciphering the plaintext data using the data encryption key to form ciphertext data, enciphering the data encryption key using the formed secret key to form a first enciphered key, enciphering the data encryption key using the formed management key to form a second enciphered key, and storing in a first storage medium the ciphertext data, the first enciphered key and the second enciphered key.

According to the eighth invention, the secret key and the management key are stored in the operation storage medium, and the management key is also stored in the supervisor storage medium. All the management keys stored in the plurality of operation storage media are stored in the supervisor storage medium.

The management key and the secret key are used for enciphering the data encryption key. The first enciphered key and the second enciphered key, together with the ciphertext data, are stored in the first storage medium.

When the ciphertext data is to be deciphered, the first enciphered key or the second enciphered key stored in the first storage medium is read out. The data encryption key is deciphered from the first enciphered key using the secret key, or from the second enciphered key using the management key, and the ciphertext data is deciphered using the deciphered data encryption key.

The ciphertext data can be deciphered not only by reading out the secret key or the management key from the operation storage medium but also by reading out the management key from the supervisor storage medium. Consequently, the operation storage media can be handed over to individual workers, for example, who encipher plaintext data and decipher their own ciphertext data, while the supervisor storage medium is handed over to a manager, for example, who deciphers the ciphertext data by reading out the management key from the supervisor storage medium. The use of the supervisor storage medium makes it possible to decipher the ciphertext data formed by each of the workers.

In the foregoing, the management key stored in one of the operation storage media can also be stored as a low-order key in another operation storage medium.

By reading out the low-order key stored in the other operation storage medium, the data encryption key can be deciphered from the second enciphered key using the low-order key, and the ciphertext data is then deciphered using the deciphered data encryption key.

In addition to the person having the one operation storage medium, the person having the other operation storage medium can then also decipher the ciphertext data.

There may be provided operation identification name entering means forentering an operation identification name inherent to the operationstorage medium for identifying the operation storage medium andsupervisor identification name entering means for entering a supervisoridentification name inherent to the supervisor storage medium foridentifying the supervisor storage medium.

In this case, the first storage controlling means is so adapted as tostore in the operation storage medium the supervisor identification nameentered by the supervisor identification name entering means and theoperation identification name entered by the operation identificationname entering means, and the second storage controlling means is soadapted as to store in the supervisor storage medium the supervisoridentification name entered by the supervisor identification nameentering means.

Consequently, the supervisor storage medium and the operation storagemedium can be identified using desired names.

All the operation identification names inherent to the operation storage media whose management keys are stored in the supervisor storage medium can also be stored in the supervisor storage medium so that they can be displayed on a display.

By reading out all the operation identification names stored in the supervisor storage medium, the operation identification names are displayed on the display. Since the management keys of all the operation storage media are stored in the supervisor storage medium, the operation identification names displayed on the display represent those operation storage media, out of the operation storage media each storing a secret key for enciphering plaintext data and a management key, whose encryption results can be deciphered using the management keys stored in the supervisor storage medium. By looking at the operation identification names displayed on the display device, it can be known which operation storage media produce encryption results that can be deciphered using the supervisor storage medium.

All the operation identification names stored in the operation storage media may also be stored in the supervisor storage medium so that they can be displayed on the display.

Also in this case, by reading out all the operation identification names stored in the operation storage media, the operation identification names are displayed on the display. An operation storage medium may, in some cases, store the management key of another operation storage medium. The operation identification names displayed on the display then represent, out of the operation storage media each storing a secret key for enciphering plaintext data and a management key, the operation storage medium whose encryption results can be deciphered using the management key stored in the other operation storage medium. By looking at the operation identification names displayed on the display device, it can be known which operation storage medium was used for encryption and whether or not the result of the encryption can be deciphered using the one operation storage medium.

It is also possible to provide first selecting means for selecting, out of the operation identification names displayed on the display, the operation identification name of the operation storage medium from which stored data should be transferred, second selecting means for selecting the operation identification name of the operation storage medium to which the data should be transferred, and fifth storage controlling means for storing the data stored in the operation storage medium specified by the operation identification name selected using the first selecting means in the operation storage medium specified by the operation identification name selected using the second selecting means.

The data stored in the operation storage medium having the operation identification name selected by the first selecting means is transferred to the operation storage medium having the operation identification name selected by the second selecting means and is stored therein. The data stored in an operation storage medium can thus be preserved by transferring it to another operation storage medium and storing it there. Since a spare operation storage medium can be produced, it is possible to cope with a case where a storage medium is lost.

The second storage controlling means may be one for storing in the supervisor storage medium the operation identification name stored in the operation storage medium so that it can be displayed on the display.

The second storage controlling means may be one for storing in the supervisor storage medium the operation identification name stored in the operation storage medium and the operation identification name of the operation storage medium storing the management key as the low-order key, so that they can be displayed on the display.

Management keys for deciphering data enciphered using the management keys or the secret keys stored in the operation storage media are stored in the supervisor storage medium. Therefore, ciphertext data obtained using an operation storage medium can be deciphered using the supervisor storage medium. Since the operation identification names are displayed, it can be known which of the operation storage media used for encryption produce results that can be deciphered in this way.

The first storage controlling means may be one for storing the operation identification name stored in one of the operation storage media in the other operation storage medium so that it can be displayed on the display.

The first storage controlling means may be one for storing in the above operation storage medium its own operation identification name and the operation identification name of the operation storage medium storing the management key registered as the low-order key, so that they can be displayed on the display.

An operation storage medium may, in some cases, store as a low-order key the management key for deciphering data enciphered using the management key or the secret key stored in the other operation storage medium. Therefore, ciphertext data obtained using the other operation storage medium can be deciphered using the low-order key. Since the operation identification names are displayed, it can be known which of the operation storage media used for encryption produce results that can be deciphered in this way.

There may be provided operation storage medium identifying means for reading the supervisor identification data and the supervisor identification names respectively stored in the plurality of operation storage media and identifying the operation storage media storing the same supervisor identification data and supervisor identification names, and overlapped names judging means for judging whether or not the operation identification name entered from the operation identification name entering means overlaps any of the operation identification names stored in the plurality of operation storage media which the operation storage medium identifying means judges to store the same supervisor identification data and supervisor identification names; and the first storage controlling means may be one for storing in the operation storage medium, for an entered operation identification name which the overlapped names judging means judges to overlap the stored operation identification names, a name obtained by adding an additive name to the entered operation identification name.

In the operation storage media storing the same supervisor identification data, only one operation identification name is stored in each of the operation storage media. However, the same operation identification name can also be entered repeatedly by mistake, or it may be desired to enter the same operation identification name repeatedly. In this case, the same operation identification name is allowed to be entered repeatedly, and a name obtained by adding an additive name to the operation identification name is stored in the operation storage medium.

Since the operation identification name to which the additive name is added is stored in the operation storage medium, the operation storage media can be distinguished even if the same operation identification name is entered repeatedly.

There may also be provided secret key enciphering means for enciphering the secret key formed by the secret key forming means, and management key enciphering means for enciphering the management key formed by the management key forming means; the first storage controlling means may be one for storing in the operation storage medium the secret key enciphered by the secret key enciphering means and the management key enciphered by the management key enciphering means, and the second storage controlling means may be one for storing in the supervisor storage medium the management key enciphered by the management key enciphering means.

Both the secret key and the management key can be used for deciphering the data encryption key, and the secret key and the management key therefore require a high degree of secrecy.

Since the secret key and the management key are enciphered and stored in the operation storage medium, and the management key is enciphered and stored in the supervisor storage medium, only the enciphered secret key and the enciphered management key can be read out from the operation storage medium or the supervisor storage medium. Since the keys are enciphered, a person who reads them out cannot learn their contents. Consequently, the secrecy of the secret key and the management key is kept high.

There may be provided secret key enciphering means for enciphering the secret key formed by the secret key forming means using the management key formed by the management key forming means. In this case, the first storage controlling means stores in the operation storage medium the secret key enciphered by the secret key enciphering means and the management key formed by the management key forming means.

Also in this case, the secret key is enciphered and stored in the operation storage medium, whereby the secret key has high secrecy. The management key used for enciphering the secret key is stored in the operation storage medium together with the enciphered secret key, whereby the keys are relatively easy to manage.
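The name registration just described, as an added Python example (not the patent's code): media that share the same supervisor identification data form one group, and an entered operation identification name that overlaps a name already stored in that group is stored with an additive suffix. The dict representation of a medium, the sample media, and the "name-2", "name-3" suffix format are assumptions; the page only says an additive name is appended.

```python
"""Operation identification name registration with overlap handling.

Added example, not code from the patent.  Media are dicts; the suffix
format "name-2", "name-3" is an assumption (the page only says an
'additive name' is added).
"""

# Constructed sample: three operation storage media, two of them
# registered under the same supervisor identification data "SV-A".
OPERATION_MEDIA = [
    {"supervisor_id": "SV-A", "operation_name": "sales"},
    {"supervisor_id": "SV-A", "operation_name": "accounting"},
    {"supervisor_id": "SV-B", "operation_name": "sales"},
]


def names_under_supervisor(media, supervisor_id):
    """Operation identification names of the media that store the same
    supervisor identification data (the 'operation storage medium
    identifying means')."""
    return {m["operation_name"] for m in media if m["supervisor_id"] == supervisor_id}


def resolve_operation_name(existing_names, entered, additive="-"):
    """Overlapped names judging means plus additive name: return the entered
    name if it is free within the group, otherwise the entered name with the
    smallest counter that is still free."""
    if entered not in existing_names:
        return entered
    n = 2
    while f"{entered}{additive}{n}" in existing_names:
        n += 1
    return f"{entered}{additive}{n}"


def register_operation_medium(media, supervisor_id, entered):
    """Store a new medium under the supervisor; the stored name never
    overlaps another medium of the same supervisor, so media remain
    distinguishable even when the same name is entered repeatedly."""
    existing = names_under_supervisor(media, supervisor_id)
    stored = resolve_operation_name(existing, entered)
    media.append({"supervisor_id": supervisor_id, "operation_name": stored})
    return stored
```

Names are only checked within one supervisor group: "sales" may exist once under "SV-A" and once under "SV-B", which matches the text's statement that overlap is judged among media storing the same supervisor identification data.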

A password may be stored in the operation storage medium, and there may be provided password entering means for entering a password for password judgment, and password coincidence judging means for judging whether or not the password entered by the password entering means and the password stored in the operation storage medium coincide with each other. The first storage controlling means may be one for storing in the operation storage medium the secret key formed by the secret key forming means and the management key formed by the management key forming means when the password coincidence judging means judges that the passwords coincide with each other.

Further, a password may be stored in the supervisor storage medium, and there may be provided password entering means for entering a password for password judgment, and password coincidence judging means for judging whether or not the password entered by the password entering means and the password stored in the supervisor storage medium coincide with each other. The second storage controlling means may be one for storing in the supervisor storage medium the management key formed by the management key forming means when the password coincidence judging means judges that the passwords coincide with each other.

If it were assumed that anyone could operate the enciphering/deciphering device, the secret key and the management key might be altered. Consequently, it is preferable that only reliable persons can operate the enciphering/deciphering device.

In the foregoing, a password is registered, and the enciphering/deciphering device can be operated only so long as an entered password coincides with the registered password. By teaching the password only to a reliable person, therefore, it is possible to prevent the enciphering/deciphering device from being wrongly operated by an unreliable person.

An enciphering/deciphering device according to the ninth invention is characterized by comprising first reading means for reading out the ciphertext data, the first enciphered key and the second enciphered key from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key; second reading means for reading out the secret key from an operation storage medium storing inherent operation identification data and a secret key for deciphering the first enciphered key read out by the first reading means; first key deciphering means for deciphering the first enciphered key using the secret key read out by the second reading means to form a data decryption key; third reading means for reading out the management key from a supervisor storage medium storing the operation identification data, inherent supervisor identification data and a management key for deciphering the second enciphered key read out by the first reading means; second key deciphering means for deciphering the second enciphered key using the management key read out by the third reading means to form a data decryption key; data deciphering means for deciphering the ciphertext data using the data decryption key formed by the first key deciphering means or the second key deciphering means to form plaintext data; and storage controlling means for storing in a second storage medium the plaintext data formed by the data deciphering means.

The ninth invention is characterized by comprising the steps of reading out the ciphertext data, the first enciphered key and the second enciphered key from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key; reading out the secret key from an operation storage medium storing an inherent operation identification name, inherent operation identification data and a secret key for deciphering the read-out first enciphered key; deciphering the first enciphered key using the read-out secret key to form a data decryption key; reading out the management key from a supervisor storage medium storing the operation identification name, the operation identification data, an inherent supervisor identification name, inherent supervisor identification data and a management key for deciphering the read-out second enciphered key; deciphering the second enciphered key using the read-out management key to form a data decryption key; deciphering the ciphertext data using the formed data decryption key to form plaintext data; and storing the formed plaintext data in a second storage medium.

According to the ninth invention, the secret key stored in the operation storage medium is read out, and the first enciphered key (the enciphered data encryption key) is deciphered using the secret key, to form a data decryption key. The ciphertext data is deciphered using the data decryption key to obtain plaintext data. Alternatively, the management key stored in the supervisor storage medium is read out, and the second enciphered key is deciphered using the management key, to form a data decryption key. The ciphertext data is deciphered using this data decryption key to obtain plaintext data.

According to the ninth invention, therefore, the ciphertext data can be deciphered using the secret key stored in the operation storage medium to obtain plaintext data, and the ciphertext data can also be deciphered using the management key stored in the supervisor storage medium to obtain plaintext data.

Consequently, an operation storage medium can be handed over to each worker, for example, so that the worker enciphers plaintext data and deciphers the ciphertext data, while the supervisor storage medium is handed over to a manager, for example, so that the management key is read out from the supervisor storage medium and the ciphertext data can be deciphered. The use of the supervisor storage medium makes it possible to decipher the ciphertext data formed by each of the workers.

The second reading means may be one for reading out the low-order key from an operation storage medium storing inherent operation identification data, a secret key for deciphering the first enciphered key read out by the first reading means, and a low-order key; and the second key deciphering means may be one for deciphering the second enciphered key using the low-order key read out by the second reading means to form a data decryption key.

It is conceivable that the management key stored in one operation storage medium is stored as a low-order key in another operation storage medium; the data encryption key enciphered using the management key stored in the one operation storage medium is then deciphered using the low-order key, and the ciphertext data is deciphered to obtain the plaintext data.

In the foregoing, the management key or the low-order key is stored in the supervisor storage medium or the operation storage medium, whereby it is possible to decipher the enciphered data encryption key using the management key or the low-order key to obtain a data decryption key, and to decipher the ciphertext data to obtain the plaintext data.

There can also be provided secret key eliminating means for erasing the secret key stored in the operation storage medium.

The secret key is inherent to the operation storage medium. For example, when an operation storage medium is handed over to each of the workers and the manager holds the supervisor storage medium, ciphertext data obtained using the secret key stored in an operation storage medium can be deciphered by the worker having that operation storage medium. This may introduce problems in the management of the ciphertext data.

Since in the foregoing the secret key stored in the operation storage medium can be erased, it is possible to prevent the ciphertext data from being deciphered without permission by a person having an operation storage medium, for example, a worker.

The operation identification name stored in the operation storage medium from which the secret key has been erased by the secret key eliminating means may be read out from the operation storage medium.

Consequently, the operation storage medium from which the secret key has been erased can be known, whereby it is possible to know in advance which operation storage medium cannot decipher the ciphertext data.

There may be provided judging means for judging whether or not the second enciphered key was enciphered using the management key stored in the operation storage medium in which the low-order key read out by the second reading means is stored as the management key, and first enciphered key eliminating means for erasing the first enciphered key stored in the first storage medium when the judging means judges that the second enciphered key was so enciphered.

Even in this case, the first enciphered key stored in the first storage medium can be erased, whereby it is possible to prevent the ciphertext data from being deciphered without permission by a person having an operation storage medium, for example, a worker.

There may be provided displaying means for displaying the operation identification name of the operation storage medium read out by the second reading means when the first enciphered key is erased by the first enciphered key eliminating means. Consequently, it is possible to confirm who has inhibited decryption.

The data stored in the supervisor storage medium may be read out and stored in another storage medium.

Consequently, a spare supervisor storage medium can be produced, whereby it is possible to cope in advance with loss of or damage to the supervisor storage medium.

The data stored in the other storage medium may be transferred back to the original supervisor storage medium and stored therein.

The data stored in the other storage medium is inhibited from being read out once it has been transferred back to the original supervisor storage medium, whereby unauthorized copying of the data in the supervisor storage medium can also be prevented, and the supervisor storage medium becomes relatively easy to manage.

There may be provided eliminating means for erasing the data in the supervisor storage medium which has been stored in the other storage medium.

Since unnecessary data in the supervisor storage medium which has already been stored in the other storage medium can be erased, the data in the supervisor storage medium becomes relatively easy to manage.

There are preferably provided transfer judging means for judging whether or not the data stored in the operation storage medium or the supervisor storage medium has been transferred to the other storage medium, and reading inhibition controlling means for inhibiting the data stored in the original operation storage medium or supervisor storage medium from being read out when the transfer judging means judges that the data has been transferred to the other storage medium.

When the data is transferred, therefore, the data stored in the original supervisor storage medium or operation storage medium from which the data was transferred can be inhibited from being read out. Consequently, unauthorized copying of data can be prevented, and only a person legitimately holding a supervisor storage medium or an operation storage medium can decipher ciphertext data. The storage medium thus becomes relatively easy to manage.

There can also be provided first reading inhibition release controlling means for releasing the inhibition, by the reading inhibition controlling means, of the reading of the data in the operation storage medium.

Since the inhibition of reading is released, the data can again be read out from the operation storage medium from which reading was inhibited.

The supervisor identification data or the operation identification data is random-number data or enciphered time data, for example.

Random-number data or enciphered time data is difficult to guess, whereby the secrecy of the identification data can be kept high.
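The transfer, reverse transfer, reading inhibition, release and erasure described in the preceding paragraphs, as one added Python model (not the patent's code). A medium is a small object holding a dict of entries; the class and field names are assumptions. The invariant the model enforces is the one the text wants: after a transfer only the destination is readable, so a backup never leaves two usable copies in circulation.

```python
"""Storage-medium transfer with read inhibition on the source.

Added example, not code from the patent.  StorageMedium stands in for an
FD holding key files; names and fields are assumptions.
"""


class StorageMedium:
    def __init__(self, name, data=None):
        self.name = name
        self.data = dict(data or {})
        self.read_inhibited = False   # set once the data has been transferred out

    def read(self):
        """Reading means: refuses once the transfer judging means has marked
        this medium as transferred."""
        if self.read_inhibited:
            raise PermissionError(f"{self.name}: reading inhibited after transfer")
        return dict(self.data)


def transfer(source, destination):
    """Copy the data to the destination, then inhibit reading of the source so
    that exactly one usable copy exists (the spare replaces the original)."""
    destination.data = source.read()          # read before inhibiting
    destination.read_inhibited = False
    source.read_inhibited = True
    return destination


def reverse_transfer(copy, original):
    """Bring the data back: the copy is inhibited in turn and the original
    becomes readable again."""
    return transfer(copy, original)


def release_reading(medium):
    """Reading inhibition release controlling means."""
    medium.read_inhibited = False
    return medium


def erase_backed_up(medium, backup):
    """Eliminating means: erase from the medium only the entries that are
    already held, with the same value, in the backup medium."""
    for key in list(medium.data):
        if backup.data.get(key) == medium.data[key]:
            del medium.data[key]
    return medium
```

release_reading is deliberately a separate, explicit operation: the text provides it as a distinct means, so an administrator action, not the mere act of copying, is what re-enables a medium.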

It is also possible to store a version code in the supervisor storage medium or the operation storage medium, and to store in the first storage medium the version code in addition to the ciphertext data, the first enciphered key and the second enciphered key.

When encryption processing is performed using an operation storage medium storing a low version code, decryption processing must be possible using a supervisor storage medium or an operation storage medium storing a version code higher than that version code.

Since the version code of the operation storage medium used for encryption is stored in the first storage medium, it is possible to know which operation storage medium or supervisor storage medium can be used for decryption.

Version codes are stored in the first storage medium, the operation storage medium and the supervisor storage medium, and there can also be provided comparing means for comparing the version code read out by the first reading means with the version code read out by the second reading means or the version code read out by the third reading means, and key formation controlling means for allowing the formation of the data decryption key by the first key deciphering means and the formation of the data decryption key by the second key deciphering means when, as a result of the comparison by the comparing means, the version code read out by the first reading means is not more than the version code read out by the second reading means or the version code read out by the third reading means.

When encryption processing is performed using an operation storage medium storing a low version code, decryption processing can be performed using a supervisor storage medium or an operation storage medium storing a version code higher than that version code.
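The ninth invention's enciphered file (ciphertext plus a first enciphered key for the secret key holder and a second for the management key holder), the erasure of the first enciphered key that inhibits the creator's decryption, and the version code gate of the last paragraphs, as one added Python example (not the patent's code). Assumptions: the DES-type enciphering device is replaced by a stdlib stand-in (an HMAC-SHA256 keystream with an HMAC tag, so that a wrong key is rejected rather than yielding garbage); media and the enciphered file are dicts, and all field names are invented here.

```python
"""Enciphered file with a twice-wrapped file key, version gating and
erasure of enciphered key 1.  Added example, not code from the patent.
The cipher below is a constructed stdlib stand-in for the DES-type device.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, purpose: bytes) -> bytes:
    # Separate keystream and tag keys derived from one medium key.
    return hashlib.sha256(purpose + key).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def encipher(key: bytes, data: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag makes a wrong key detectable."""
    nonce = os.urandom(NONCE_LEN)
    body = nonce + _keystream_xor(_subkey(key, b"enc"), nonce, data)
    return body + hmac.new(_subkey(key, b"tag"), body, hashlib.sha256).digest()


def decipher(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"tag"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted data")
    return _keystream_xor(_subkey(key, b"enc"), body[:NONCE_LEN], body[NONCE_LEN:])


def create_enciphered_file(plaintext, secret_key, management_key, version_code):
    """Encryption side: a fresh file key, wrapped once for the creator
    (enciphered key 1) and once for the management key holder (key 2)."""
    file_key = os.urandom(16)
    return {
        "version_code": version_code,
        "ciphertext": encipher(file_key, plaintext),
        "enciphered_key_1": encipher(secret_key, file_key),
        "enciphered_key_2": encipher(management_key, file_key),
    }


def _allow_key_formation(enc, medium):
    # Comparing means: the file's version code must not exceed the medium's.
    if enc["version_code"] > medium["version_code"]:
        raise PermissionError("storage medium version code is lower than the file's")


def decipher_with_secret_key(enc, operation_medium):
    """Creator's path: enciphered key 1 -> file key -> plaintext."""
    _allow_key_formation(enc, operation_medium)
    if enc["enciphered_key_1"] is None:
        raise PermissionError("creator decryption has been inhibited")
    file_key = decipher(operation_medium["secret_key"], enc["enciphered_key_1"])
    return decipher(file_key, enc["ciphertext"])


def decipher_with_management_key(enc, medium):
    """Manager's path; also the low-order-key path when another operation
    medium stores this management key."""
    _allow_key_formation(enc, medium)
    file_key = decipher(medium["management_key"], enc["enciphered_key_2"])
    return decipher(file_key, enc["ciphertext"])


def inhibit_creator_decryption(enc):
    """First enciphered key eliminating means: afterwards only a management
    key (or low-order key) can recover the file key."""
    enc["enciphered_key_1"] = None
    return enc
```

Because the file key is wrapped separately for each recipient, erasing enciphered key 1 removes the creator's path without re-enciphering the data, and the manager's path is untouched; the version gate runs before any key formation, as the key formation controlling means requires.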

The operation storage medium may be one storing an operation identification name inherent to the operation storage medium and a supervisor identification name inherent to the supervisor storage medium, and the supervisor storage medium may be one storing the supervisor identification name.

There can also be provided operation identification name changing means for changing the operation identification name stored in the operation storage medium.

Since the operation identification name can be changed into a desired operation identification name, the range of application of the enciphering/deciphering device is broadened.

The plaintext data or the deciphered plaintext data can also be displayed and scrolled.

There may also be provided displaying means for displaying and scrolling the plaintext data or the deciphered plaintext data.

Consequently, the supervisor identification data or the operation identification data can be prevented from overlapping each other, whereby it is also possible to keep secrecy high.

The enciphering/deciphering device, the enciphering/deciphering method or the encryption/decryption system may be constructed using an enciphering device, feeding time data to the enciphering device as input data, as an initial value or as an encryption key, and using the enciphered data obtained from the enciphering device as the data encryption key, the secret key or the management key.

The time data is used as the input data, the initial value or the encryption key to obtain the enciphered data. The enciphered data obtained is taken as the data encryption key, the secret key or the management key.

The data encryption key, the secret key or the management key is thus generated utilizing the time data. Time data is generally difficult for a third person to guess. When the plaintext data is enciphered using a data encryption key formed utilizing the time data, therefore, it is difficult to guess the data encryption key, whereby it is also difficult to decipher the ciphertext data.
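Key formation from time data, and enciphered time data as identification data (the earlier paragraph on random-number or enciphered time data), as an added Python example that is not the patent's code. The page's DES-type enciphering device is replaced here by HMAC-SHA256 used as a keyed pseudorandom function; the purpose labels, the 16-byte output length and the optional salt are assumptions of this example.

```python
"""Keys and identification data formed by enciphering time data.

Added example, not code from the patent.  HMAC-SHA256 stands in for the
enciphering device; purpose labels, output length and salt are assumptions.
"""
import hashlib
import hmac
import os
import time

KEY_LEN = 16


def encipher_time_data(device_key: bytes, time_data: bytes, purpose: bytes) -> bytes:
    """Stand-in enciphering device: keyed PRF over purpose || time data."""
    return hmac.new(device_key, purpose + time_data, hashlib.sha256).digest()


def key_from_time(device_key: bytes, purpose: bytes, time_ns: int, salt: bytes = b"") -> bytes:
    """Form a data encryption key, secret key or management key from time data.
    `salt` is optional random material mixed in with the time (see note)."""
    time_data = time_ns.to_bytes(8, "big")
    return encipher_time_data(device_key, time_data + salt, purpose)[:KEY_LEN]


def identification_data(device_key: bytes, time_ns: int) -> bytes:
    """Enciphered time data used as supervisor/operation identification data;
    distinct clock readings give distinct, non-overlapping identifiers."""
    return key_from_time(device_key, b"id", time_ns)


def fresh_key_set(device_key: bytes, clock=time.time_ns) -> dict:
    """Form the three keys the text names.  Distinct purpose labels keep the
    keys apart even if the clock returns the same value three times."""
    salt = os.urandom(16)
    return {
        "data_encryption_key": key_from_time(device_key, b"dek", clock(), salt),
        "secret_key": key_from_time(device_key, b"sk", clock(), salt),
        "management_key": key_from_time(device_key, b"mk", clock(), salt),
    }
```

The output is only as unpredictable as the inputs the device cannot reveal: the device key must stay secret, and because the time at which a key was formed can often be narrowed to a window, fresh_key_set also mixes in random salt so that unpredictability does not rest on the clock alone.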

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram showing the construction of an enciphering/deciphering device in a first embodiment;

FIG. 2a illustrates one example of an encryption algorithm, and FIG. 2b illustrates one example of an S box;

FIG. 3a shows how encryption processing of a file in an enciphering/deciphering device is performed, and FIG. 3b shows how decryption processing in the enciphering/deciphering device is performed;

FIG. 4 is a flow chart showing the flow of encryption/decryption processing in the first embodiment;

FIG. 5 is a flow chart showing the flow of encryption/decryption processing in the first embodiment;

FIG. 6 is a flow chart showing the flow of encryption/decryption processing in the first embodiment;

FIG. 7 shows how decryption processing in the enciphering/deciphering device in the first embodiment is performed;

FIG. 8 is a flow chart showing the flow of decryption processing in the first embodiment;

FIG. 9 illustrates a data structure of an enciphered file;

FIG. 10 illustrates a data structure in a floppy disk of an enciphered file;

FIG. 11 is a flow chart showing the flow of erasure processing of an enciphered key 1 in the first embodiment;

FIG. 12 is a flow chart showing the flow of key generation processing;

FIG. 13 is a block diagram showing the construction of a key generating circuit;

FIG. 14 is a block diagram showing the construction of an enciphering/deciphering device in a second embodiment;

FIG. 15 is a block diagram showing the construction of an enciphering/deciphering device in a third embodiment;

FIG. 16 is a flow chart showing the flow of encryption/decryption processing in a fourth embodiment;

FIG. 17 is a flow chart showing the flow of encryption/decryption processing in the fourth embodiment;

FIG. 18 is a flow chart showing the flow of encryption/decryption processing in the fourth embodiment;

FIG. 19 illustrates a portion of an FD drive 5 and FDs 1 and 2 in an enciphering/deciphering device in a fifth embodiment;

FIG. 20 is a flow chart showing the flow of encryption processing in the fifth embodiment;

FIG. 21 is a flow chart showing the flow of encryption processing in the fifth embodiment;

FIG. 22 illustrates a data structure of an enciphered file;

FIG. 23 is a flow chart showing the flow of decryption processing in the fifth embodiment;

FIGS. 24a and 24b are flow charts showing the flow of decryption processing in the fifth embodiment;

FIG. 25 illustrates a portion of an FD drive 5 and FDs 1 and 2 in an enciphering/deciphering device in a sixth embodiment;

FIG. 26 is a flow chart showing the flow of encryption processing in a seventh embodiment;

FIG. 27 is a flow chart showing the flow of encryption processing in the seventh embodiment;

FIG. 28 is a flow chart showing the flow of encryption processing in the seventh embodiment;

FIG. 29 shows how management keys corresponding to a management system in a company or the like are distributed;

FIG. 30 is a block diagram showing the construction of a network database system;

FIG. 31 is a block diagram showing the construction of an electronic mail system;

FIG. 32 is a block diagram showing the construction of an electronic bulletin board system;

FIG. 33 shows how encryption/decryption processing of transmitted and received information including an authenticator is performed;

FIG. 34 illustrates the construction of an enciphering/deciphering device;

FIG. 35a illustrates encryption processing, and FIG. 35b illustrates decryption processing by a creator of ciphertext;

FIG. 36 illustrates decryption processing by a manager or a worker other than the creator of ciphertext;

FIG. 37 illustrates the contents of an enciphered file;

FIG. 38 illustrates the contents of a management key file 1 included in an SVFD;

FIG. 39 illustrates the contents of a registered name reading file included in the SVFD;

FIG. 40 illustrates the contents of a secret key file included in an OPFD;

FIG. 41 illustrates the contents of a management key file included in the OPFD;

FIG. 42 illustrates the contents of a program file included in the SVFD;

FIGS. 43a and 43b are flow charts showing the procedure for processing according to a control program stored in the SVFD;

FIG. 44 is a flow chart showing the procedure for processing according to a system registration program stored in the SVFD;

FIG. 45 is a flow chart showing the procedure for processing according to a succession program stored in the SVFD;

FIG. 46 is a flow chart showing the procedure for processing according to a backup erasure program stored in the SVFD;

FIG. 47 is a flow chart showing the procedure for processing according to a password resetting program stored in the SVFD;

FIG. 48 is a flow chart showing the procedure for processing according to an OPFD release program stored in the SVFD;

FIG. 49 is a flow chart showing the procedure for processing according to an IDm-for-OPFD setting program stored in the SVFD;

FIG. 50 is a flow chart showing the procedure for processing according to a registered name reading program stored in the SVFD;

FIG. 51 is a flow chart showing the procedure for processing according to an OPFD customization program stored in the SVFD;

FIG. 52 is a flow chart showing the procedure for processing according to a management key registration program stored in the SVFD;

FIG. 53 is a flow chart showing the procedure for processing according to a management key elimination program stored in the SVFD;

FIGS. 54a and 54b are flow charts showing the procedure for processing according to a decryption program stored in the SVFD;

FIG. 55 is a flow chart showing the procedure for processing according to a file check program stored in the SVFD;

FIG. 56 is a flow chart showing the procedure for processing according to an installation program stored in the SVFD;

FIG. 57 is a flow chart showing the procedure for processing according to a reverse installation program stored in the SVFD;

FIG. 58 is a flow chart showing the procedure for processing according to a key formation program stored in the SVFD;

FIG. 59 illustrates one example of the construction of a key generating circuit;

FIG. 60 illustrates the contents of a program file in an OPFD;

FIGS. 61a and 61b are flow charts showing the procedure for processing according to a control program stored in the OPFD;

FIG. 62 is a flow chart showing the procedure for processing according to an encryption program stored in the OPFD;

FIGS. 63a, 63b and 63c are flow charts showing the procedure for processing according to a decryption program stored in the OPFD;

FIG. 64 is a flow chart showing the procedure for processing according to a creator decryption inhibition program stored in the OPFD;

FIG. 65 is a flow chart showing the procedure for processing according to a management name reading program stored in the OPFD;

FIG. 66 is a flow chart showing the procedure for processing according to a password resetting program stored in the OPFD;

FIG. 67 is a flow chart showing the procedure for processing according to an installation program stored in the OPFD; and

FIG. 68 is a flow chart showing the procedure for processing according to a reverse installation program stored in the OPFD.

BEST MODE FOR CARRYING OUT THE INVENTION

First Embodiment

(1) Construction of enciphering/deciphering device

FIG. 1 is a block diagram showing the construction of an enciphering/deciphering device in a first embodiment. The enciphering/deciphering device comprises a computer system 1, a display unit 2 (a CRT display device, a liquid crystal display device, etc.), an input device 3 (a keyboard, a pointing device, etc.), an external storage device 4 (a magnetic disk storage device, an optical disk storage device, etc.), and floppy disk drives (hereinafter simply referred to as FD drives) 5 and 6.

One or a plurality of files of plaintext (referred to as plaintext files) are stored in the external storage device 4. The files include various files such as a document file created by a word processor or the like, a data file obtained by filing statistical data, total data or the like, and a program file obtained by filing the codes of computer programs. When an enciphered file is enciphered again, the plaintext files include the enciphered file.

A floppy disk FD1 (hereinafter simply referred to as an FD1) or a floppy disk FD2 (hereinafter simply referred to as an FD2) is set in or removed from the FD drive 5. A floppy disk FD3 (hereinafter simply referred to as an FD3) is set in or removed from the FD drive 6.

An encryption/decryption program and a management key, described in detail later, are previously stored in the FD1. A decryption program, an enciphered key erasing program and a management key, described in detail later, are previously stored in the FD2. The management key stored in the FD1 and the management key stored in the FD2 are identical: when the FD1 and the FD2 are generated, the identical management key is stored in each FD. The FD1 is previously distributed to a creator who creates an enciphered file from a plaintext file. The FD2 is previously distributed to a manager who manages enciphered files. The FD3 is for storing an enciphered file created by enciphering a plaintext file in the external storage device 4.

An operating system (OS) is stored in a ROM inside the computer system 1 or in the external storage device 4. The computer system 1 reads and analyzes data inputted from the input device 3, controls the display on the display unit 2, controls the external storage device 4, and controls the FD drives 5 and 6, for example. Further, the computer system 1 reads into an internal memory (for example, a RAM) the encryption/decryption program stored in the FD1 and the decryption program and the enciphered key erasing program stored in the FD2, and executes the programs.

One example of encryption (decryption) algorithms respectively includedin the encryption/decryption program and the decryption program is asshown in FIG. 2a. The example of the encryption algorithm is amodification of a DES (Data Encryption Standard) algorithm (which isreferred to as a DES cipher). Specifically, 64-bit plaintext and a56-bit key are generally used in the DES. In this example, the algorithmis so modified that 8-bit plaintext and a 12-bit key are used.

S boxes 21 to 24 convert input data into output data in accordance witha substitution (conversion) correspondence table shown in FIG. 2b. Forexample, when the input data is 1 (a decimal number), the output databecomes 14 (a decimal number). Each of operators 25 to 32 executes anexclusive-OR operation of inputted two data, and outputs the resultthereof.

8-bit plaintext to be enciphered is divided into data L1 composed of theupper four bits (=0100) and data R1 composed of the lower four bits(=1101). The data L1 is inputted to the operator 25 and the data R1(=L2) is inputted to the operators 29 and 26. A 12-bit key K(=001010000110) is divided into four blocks, that is, the first tofourth blocks each composed of three bits from the most significant bit."1" in one-bit data is added to each of the first block (=001) and thethird block (=000) as the most significant bit in the block. "0" inone-bit data is added to each of the second block (=010) and the fourthblock (=110) as the most significant bit in the block. As a result, thekey K is converted into data K1 (=1001), K2 (=0010), K3 (=1000), and K4(=0110) each composed of four bits. The data K1, K2, K3 and K4 arerespectively inputted to the operators 29, 30, 31 and 32.

In processing in the first stage, the exclusive OR of the data R1 and K1is found in the operator 29. The result of the operation is converted(substituted) in the S box 21. The exclusive OR of data obtained by theconversion and the data L1 is found in the operator 25. Datarepresenting the result R2 (=L3) is fed to the operators 30 and 27.

In the second stage, the same processing as that in the first stage isalso performed with respect to the data R2, K2 and L2. Also in the thirdand fourth stages, the same processing as that in the first stage isperformed with respect to the data R3, K3 and L3 and the data R4, K4 andL4.

8-bit ciphertext is generated by the processing in the first to fourthstages. Output data of the operator 28 becomes data L composed of theupper four bits (=1001) of the 8-bit ciphertext. Output data R4 of theoperator 27 becomes data R composed of the lower four bits (=0111) ofthe 8-bit ciphertext. The plaintext is thus successively processed everyeight bits, so that the ciphertext is successively generated every eightbits.

When the 8-bit ciphertext is deciphered to obtain 8-bit plaintext, the8-bit ciphertext is divided into data composed of the upper four bits(L1) and data composed of the lower four bits (R1). The data composed ofthe upper four bits is inputted to the operator 25 and the data composedof the lower four bits is inputted to the operators 29 and 26. Adecryption key (which is the same as the encryption key K) is dividedevery three bits as at the time of the encryption, whereby data K1 to K4are generated. The data K4, K3, K2 and K1 are respectively inputted tothe operators 29, 30, 31 and 32. The inputted data are respectivelysubjected to the processing in the first to fourth stages, wherebyplaintext composed of eight bits is generated. At the time of thedecryption, the ciphertext is thus successively processed every eightbits, so that the plaintext is successively generated every eight bits.
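The four-stage structure just described, as an added Python example that is not the patent's own code. The substitution table of FIG. 2b is not reproduced on the page, so the `SBOX` below is a constructed placeholder that keeps only the one stated entry (1 becomes 14); the ciphertext for the worked values therefore differs from the figure's 1001 0111, while the key schedule (K1 to K4 = 1001, 0010, 1000, 0110 for K = 001010000110), the wiring of each stage, the final arrangement of the upper and lower nibbles, and the reversed key order for decryption follow the text.

```python
# Added example (not the patent's code): the four-stage structure of FIG. 2a in
# software, with the 8-bit block and 12-bit key the text describes.
# FIG. 2b (the S-box table) is not reproduced on the page, so SBOX is a constructed
# placeholder that keeps only the one stated entry (1 -> 14); the ciphertext for
# the worked values therefore differs from the figure, but the key schedule and
# the round structure follow the text.

SBOX = [7, 14, 3, 9, 0, 12, 5, 10, 15, 2, 11, 4, 13, 8, 6, 1]  # constructed


def key_schedule(key12):
    """Split the 12-bit key K into four 3-bit blocks from the MSB and prefix
    '1' to blocks 1 and 3 and '0' to blocks 2 and 4, giving K1..K4."""
    assert 0 <= key12 < (1 << 12)
    blocks = [(key12 >> shift) & 0b111 for shift in (9, 6, 3, 0)]
    prefixes = (1, 0, 1, 0)
    return [(pre << 3) | blk for pre, blk in zip(prefixes, blocks)]


def four_stages(block8, subkeys):
    """Stages 1-4 of FIG. 2a. In each stage the right nibble is XORed with the
    stage key, passed through the S box and XORed with the left nibble; the
    result becomes the next right nibble and the old right nibble becomes the
    next left one (R1 = L2, R2 = L3, ...). After stage 4 the operator-28 output
    is the upper nibble and R4 is the lower nibble of the output."""
    assert 0 <= block8 < 256
    left, right = block8 >> 4, block8 & 0xF
    for k in subkeys:
        left, right = right, left ^ SBOX[right ^ k]
    return (right << 4) | left


def encrypt_block(plain8, key12):
    return four_stages(plain8, key_schedule(key12))


def decrypt_block(cipher8, key12):
    # Decryption feeds K4, K3, K2, K1 to the four stages in that order.
    return four_stages(cipher8, key_schedule(key12)[::-1])


def encrypt_bytes(data, key12):
    """The text processes the plaintext eight bits at a time, block by block."""
    return bytes(encrypt_block(b, key12) for b in data)


def decrypt_bytes(data, key12):
    return bytes(decrypt_block(b, key12) for b in data)


if __name__ == "__main__":
    K = 0b001010000110
    print([format(k, "04b") for k in key_schedule(K)])   # ['1001', '0010', '1000', '0110']
    c = encrypt_block(0b01001101, K)
    assert decrypt_block(c, K) == 0b01001101
    print("round trip ok, ciphertext byte =", format(c, "08b"))
```

Two properties worth noticing in the code: the stage function need not be invertible (any S box works, because the Feistel arrangement undoes each stage by recomputing the same XOR), and the 8-bit block size with a 12-bit key means identical plaintext bytes always give identical ciphertext bytes and the whole key space is only 4096 values, so this structure is a teaching model of the DES arrangement rather than a cipher one would rely on to protect files.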

As an algorithm used for encryption and decryption, another algorithm such as FEAL (Fast Encryption Algorithm) can also be used in place of the DES algorithm. It does not matter which of a symmetric cryptosystem and an asymmetric cryptosystem (of a modulo exponentiation type, a knapsack type, etc.) is used as the algorithm, and which of a block cipher and a stream cipher (a Vernam cipher, NFSR, etc.) is used.

The encryption/decryption processing can be realized by software (a program). When the encryption/decryption processing is realized by a program, the program is incorporated as a part of the encryption/decryption program stored in the FD1 and of the decryption program stored in the FD2. The encryption/decryption processing can also be realized by hardware. In this case, the hardware is provided inside or outside the computer system 1. The encryption/decryption program stored in the FD1 and the decryption program stored in the FD2 cause the plaintext (or the ciphertext) read out from the external storage device 4, a key generated in the step 106 shown in FIG. 4 as described later, and the like to be inputted to the hardware to perform the encryption or decryption processing.

(2) Encryption and decryption processing by creator of enciphered file

FIG. 3a shows how encryption processing is performed by the encryption/decryption program stored in the FD1 which a creator of an enciphered file (hereinafter simply referred to as a creator) has. FIG. 3b shows how decryption processing is performed by the encryption/decryption program. FIGS. 4 to 6 are flow charts showing the flow of processing in a case where the encryption/decryption program is executed by the computer system 1.

The FD1 is set in the FD drive 5 by the creator (step 101). An instruction to start the encryption/decryption program stored in the FD1 is then entered into the computer system 1 from the input device 3 by the creator. Consequently, the encryption/decryption program is read out from the FD1, and is stored in an internal memory (for example, a RAM) in the computer system 1. The computer system 1 executes the program (step 102).

A guidance on which of encryption and decryption of a file is to be selected is displayed on a display screen of the display device 2. The creator selects either the encryption or the decryption, and enters the instruction into the computer system 1 from the input device 3.

When the encryption is selected (YES in step 103), the file name of a plaintext file to be enciphered is entered into the computer system 1 from the input device 3 by the creator (step 104). A plaintext file 41 corresponding to the entered file name is read out from the external storage device 4, and is stored in the internal memory in the computer system 1 (step 105).

A key 44 used for enciphering the plaintext file (which is referred to as a file key) is then generated (step 106). A method of generating the file key 44 will be described in detail later. Plaintext in the plaintext file 41 is enciphered using the file key 44, whereby ciphertext is formed (step 107). One of the above-mentioned encryption algorithms is used for the encryption processing. The ciphertext generated by the encryption processing is stored as intermediate data 42 in the internal memory in the computer system 1.

A secret key 47 is then entered into the computer system 1 from the input device 3 by the creator (step 108) (FIG. 3b). The secret key 47 is arbitrarily determined by the creator, and can be considered to be a secret number (password). The secret key 47 is composed of an arbitrary string of numerals, characters, or the like.

The file key 44 is enciphered using the secret key 47 (step 109). A key 45 obtained by the encryption shall be referred to as an enciphered key 1. Further, the file key 44 is enciphered using a management key 48 stored in the FD1 (step 110). A key 46 obtained by the encryption shall be referred to as an enciphered key 2. One of the above-mentioned encryption algorithms is used for the encryption processing of the file key 44.

An enciphered file 43 is created from the enciphered keys 1 and 2 and the ciphertext of the intermediate data 42 (step 111). FIG. 9 illustrates the data structure of the enciphered file 43 in the internal memory in the computer system 1. The enciphered keys 1 and 2 are stored in an area at the head of the enciphered file. The ciphertext of the intermediate data 42 is stored in the area succeeding that area. When the enciphered file is created, the name of the enciphered file (a file name a part or the whole of which differs from the name of the plaintext file) is created. The name of the enciphered file may, in some cases, also be stored in the area succeeding the data area of the enciphered file.

The FD3 is then set in the FD drive 6 by the creator (step 112). A guidance instructing the creator to set the FD3 in the FD drive 6 is displayed on the display screen of the display device 2 prior to the setting if required. The enciphered file 43 and the name of the enciphered file are stored in the set FD3 (step 113). The encryption processing is then terminated. FIG. 10 illustrates the memory structure of the FD3. The FD3 includes three areas, that is, a directory, a FAT (File Allocation Table), and a data area. The enciphered file (the enciphered keys 1 and 2 and the ciphertext) is stored at an address AD2 in the data area. The address AD2 of the data area is stored at an address AD1 in the FAT. The name of the enciphered file (the file name shall be "ABC.SEC" herein) and the address AD1 in the FAT are stored in the directory.

When the decryption is selected in the step 103 (NO in step 103), the FD3 is set in the FD drive 6 by the creator (step 114). A guidance instructing the creator to set the FD3 in the FD drive 6 may, in some cases, be displayed on the display screen of the display device 2 prior to the setting. When the FD3 is set in the FD drive 6, the file name of the enciphered file ("ABC.SEC", for example) is read out from the directory in the FD3. The file name read out is displayed on the display screen of the display device 2 (step 115).

The file name of the enciphered file to be deciphered is then entered into the computer system 1 from the input device 3 by the creator (step 116). The file name can be entered using a keyboard, or can be entered by designating the file name displayed on the display screen using a pointing device (for example, by clicking).

The directory in the FD3 is searched on the basis of the entered file name, and the address AD1 in the FAT corresponding to the file name is read out (FIG. 10). The address AD2 in the FAT is read out on the basis of the address AD1 (FIG. 10). The enciphered file is read out from the data area in the FD3 on the basis of the address AD2 (step 117). The enciphered file read out is stored in the internal memory in the computer system 1.

The secret key 47 is then entered into the computer system 1 from the input device 3 by the creator (step 118) (FIG. 3b). The secret key 47 is used as the decryption key when the enciphered key 1 in the enciphered file is deciphered (step 119). Consequently, the entered secret key 47 must be the same as the one used when the file key 44 in the enciphered file was enciphered. The creator manages which file key is enciphered by which secret key. The creator enters the same key as the secret key that was used when the file key 44 was enciphered to generate the enciphered key 1.

The enciphered key 1 is deciphered using the secret key 47 (the decryption key), to obtain the file key 44 (step 119). In this decryption processing, it goes without saying that the same encryption (decryption) algorithm as that used when the file key 44 was enciphered is used. The ciphertext included in the enciphered file is then deciphered using the file key 44 (the decryption key), to obtain the plaintext file 41 (step 120). In this decryption processing as well, the same encryption (decryption) algorithm as that used when the plaintext file was enciphered is used. The plaintext file 41 is stored in the internal memory in the computer system 1. The decryption processing is then terminated. At this time, the enciphered key 2 is not used.

The plaintext file 41 stored in the internal memory in the computer system 1 can also be stored in the external storage device 4 or on another floppy disk from the internal memory.

In this encryption processing, the file key is automatically generated, so that the creator need not enter the file key and need not know the contents of the file key. Consequently, the data encryption key can be prevented from leaking out to a third person due to carelessness, for example, of the creator of the ciphertext data. Since the ciphertext and the file key for deciphering the ciphertext (the enciphered keys 1 and 2) are stored in the FD3, the management of the correspondence therebetween is easy. Further, the file key is enciphered by the secret key and the management key, respectively. Even if the ciphertext and the file key for deciphering the ciphertext are stored in one FD3, therefore, it is possible to maintain high security.

In the steps 108 and 118, it is also possible to previously store the secret key 47 in a magnetic card, an IC card (for example, a memory card), an optical card, or the like and enter the secret key 47 into the computer system 1 from a card reader. If an enciphering/deciphering device is given to each of the creators and is employed as a device dedicated to that creator, it is also possible to previously store a plurality of secret keys in the external storage device 4, the internal ROM, or the like, display the secret keys on the display screen of the display device 2, and select one of the displayed secret keys. Further, a key obtained by further enciphering the entered secret key 47 can also be used for enciphering the file key.

(3) Decryption processing by manager of enciphered file

FIG. 7 shows how processing is performed in a case where a manager of an enciphered file (which is hereinafter simply referred to as a manager) deciphers an enciphered file. The FD3 storing the enciphered file is handed over to the manager from the creator. The manager deciphers the enciphered file using the decryption program and the management key stored in the FD2 which he or she has. FIG. 8 is a flow chart showing the flow of processing in a case where the decryption program is executed by the computer system 1.

The FD2 is set in the FD drive 5 by the manager (step 131). An instruction to start the decryption program stored in the FD2 is then entered into the computer system 1 from the input device 3 by the manager. Consequently, the decryption program is read out from the FD2, and is stored in the internal memory in the computer system 1. The computer system 1 executes the decryption program (step 132).

The FD3 is then set in the FD drive 6 by the manager (step 114). The processing in the step 114 and the subsequent steps 115 to 117 is entirely the same as the processing in the foregoing steps 114 to 117 shown in FIG. 6 and hence, the description thereof is not repeated.

The management key 48 stored in the FD2 is then read out, and is stored in the internal memory in the computer system 1 (step 133) (see FIG. 7). This readout is automatically performed according to the program. The management key 48 is stored at a particular location on the FD2. The decryption program includes an address representing the particular location. Consequently, the computer system 1 can read out the management key 48 from the particular location on the FD2. The management key 48 is used as the decryption key when the enciphered key 2 is deciphered (step 134). Consequently, the management key 48 must be the same as the management key used when the file key 44 of the enciphered file was enciphered to generate the enciphered key 2. As described above, the same management key is previously stored in the FD1 and the FD2, so there is no problem.

The enciphered key 2 included in the enciphered file 43 is deciphered using the management key 48 (the decryption key), to obtain the file key 44 (step 134). In this decryption processing, the same encryption (decryption) algorithm as that used when the file key 44 was enciphered is used. The ciphertext 42 is then deciphered using the file key 44 (the decryption key), to obtain the plaintext file 41 (step 135). Also in this decryption processing, the same encryption (decryption) algorithm as that used when the plaintext file was enciphered is used. The plaintext file 41 is stored in the internal memory in the computer system 1. The decryption processing is then terminated. At this time, the enciphered key 1 is not used.

The plaintext file 41 stored in the internal memory in the computer system 1 can also be stored in the external storage device 4 or on another floppy disk from the internal memory.

In this decryption processing, the manager can decipher the enciphered file merely by having the FD2, without receiving any information from the creator. The creator is released from the trouble of managing, for each creation of an enciphered file, the correspondence between the enciphered file and the management key. Since the creator need not know the management key, and need not inform the manager of the management key, there is no possibility that the management key leaks out to a third person due to carelessness, for example, of the creator. Similarly, the manager need not know the management key, and need not input or output the management key. The management key can thus be prevented from leaking out, whereby the secrecy of the contents of the file can be further enhanced.

The FD drives 5 and 6 can also be realized by one floppy disk drive. In this case, in the step 112 (FIG. 5) and the step 114 (FIG. 8), the FD1 or the FD2 is taken out of the floppy disk drive, after which the FD3 is set in the floppy disk drive. The floppy disk can be replaced with an IC card (for example, a memory card), a cassette type hard disk, a mini disk (MD), a magnetic card, or the like. In this case, the floppy disk drive can be replaced with a card reader/writer, a cassette type hard disk interface device, a mini disk interface device, or the like.

Furthermore, the enciphered file may be stored in the external storage device 4. In this case, the creator and the manager read out the enciphered file from the external storage device 4, to perform the decryption processing.

(4) Enciphered key elimination processing by manager

FIG. 11 is a flow chart showing the flow of the elimination processing of the enciphered key 1 by the manager.

The FD2 is set in the FD drive 5 by the manager (step 141). An instruction to start the enciphered key elimination program stored in the FD2 is entered into the computer system 1 from the input device 3 by the manager. Consequently, the enciphered key elimination program is read out from the FD2, and is stored in the internal memory in the computer system 1. The computer system 1 executes this program (step 142).

The FD3 is then set in the FD drive 6 by the manager (step 143). The file names of the enciphered files are read out from the directory in the FD3, and are displayed on the display screen of the display device 2 (step 144). The file name selected by the manager out of the displayed file names is entered into the computer system 1 from the input device 3 (step 145). The computer system 1 reads out the enciphered file from the FD3 in accordance with the entered file name, and stores the enciphered file read out in the internal memory (step 146). The enciphered key 1 included in the enciphered file is erased (step 147). The erasure is made by writing data different from the enciphered key 1 into the area of the enciphered key 1 (FIG. 9). Since different data has been written, the original file key is not obtained even if the enciphered key 1 is deciphered using the management key. The enciphered file from which the enciphered key 1 has been erased is stored in the FD3 again (step 148). The processing is then terminated.

By thus eliminating the enciphered key 1, the creator becomes incapable of deciphering the enciphered file. Consequently, the contents of the plaintext file which would be obtained by deciphering the enciphered file can be prevented from leaking out due to carelessness, for example, of the creator. The manager can centrally manage the secrecy of the enciphered file.

Furthermore, the manager can also eliminate the enciphered key 2 in the same manner as in the elimination of the enciphered key 1. The creator can also eliminate the management key by storing the enciphered key elimination program in the FD1.

(5) Key Generation Processing

FIG. 12 is a flow chart showing the flow of processing in a case where the key generation in the step 106 shown in FIG. 4 is realized by software (a program). The processing program is started when the file name is entered from the input device 3 (which shall be a keyboard herein) in the step 104, for example.

When the creator key-enters the file name into the input device 3 (the keyboard), the value of a counter (a variable provided in the program) is initialized to a previously determined value (for example, zero) by the first key entry (step 151). Loop processing is repeated until the subsequent key entry is made, and the value of the counter is incremented by one every time the loop is repeated (steps 152 and 153). For example, the loop processing is realized by a "for" statement, a "while" statement, or the like in a programming language (for example, the C language).

When the subsequent key entry is made (YES in step 153), encryption processing is performed using the value of the counter at that time as plaintext and as a key (step 154). The data obtained by the encryption is used as the file key in the step 107.

The interval between key entries from the keyboard is a random value that varies from one occasion to another. Since the random value is further enciphered to generate a key, it can be very difficult for a third person to guess the key.

A key can also be generated by a hardware circuit (a key generating circuit). In this case, the key generating circuit is provided inside or outside the computer system 1. The key generating circuit generates a key on receiving an instruction to generate a key from the encryption/decryption program (step 106). FIG. 13 is a block diagram showing one example of the construction of the key generating circuit. The key generating circuit comprises a pseudo-random number generating circuit 50, a shift register 58, and an enciphering circuit 59. The pseudo-random number generating circuit 50 comprises 4-bit counters 51 to 54 and gates 55 to 57 for executing an exclusive-OR operation.

An output Q4 of the counter 51 is inputted to the counter 52 and the gate 55, an output Q4 of the counter 52 is inputted to the counter 53, and an output Q4 of the counter 53 is inputted to the counter 54. An output Q4, an output Q3, and an output Q1 of the counter 54 are respectively inputted to the shift register 58, the gate 57, and the gate 56. An output of the gate 57, an output of the gate 56, and an output of the gate 55 are respectively inputted to the gate 56, the gate 55, and the counter 51.

An initial value "one" is given to the gate 57 at the time of start-up (at the time of turning the power supply on or at the time of resetting) in order to prevent all the output values of the counters 51 to 54 from being zero at start-up. A clock signal is fed to the counters 51 to 54. Consequently, the pseudo-random number generating circuit 50 generates a pseudo-random number based on a primitive polynomial F(x) = x^p + x^q + 1 (p and q are integers) from the output Q4 of the counter 54.

One-bit output data (a pseudo-random number) from the output Q4 of the counter 54 is fed to the shift register 58. The shift register 58 is composed of an arbitrary number of bits corresponding to the length of a key. For example, if the key is composed of n bits (n is a positive integer), the shift register 58 is composed of n or more bits. Further, an output signal is fed to the shift register 58. The output signal corresponds to the instruction to generate a key in the step 106. When the output signal is fed, the shift register 58 outputs the stored data to the enciphering circuit 59.

Data from the shift register 58 is entered as plaintext and as a key into the enciphering circuit 59. The enciphering circuit 59 performs encryption processing on the basis of the plaintext and the key, to output ciphertext. The ciphertext becomes the file key used in the step 107. Various algorithms such as the above-mentioned DES cipher can be used as the encryption algorithm. A part of the data stored in the shift register 58 can also be entered as plaintext into the enciphering circuit 59. A part of the data entered as plaintext can also be entered as a key into the enciphering circuit 59. Further, a part of the data in the shift register 58 and another part thereof can also be respectively entered as plaintext and as a key into the enciphering circuit 59. For example, when the shift register 58 is composed of 12 bits, the 12-bit data can be used as both the plaintext and the key. When the shift register 58 is composed of 24 bits, the upper 12 bits and the lower 12 bits can be used as the plaintext and the key, respectively. When the shift register 58 is composed of 18 bits, the upper 12 bits from the most significant digit and the lower 12 bits from the least significant digit can be used as the plaintext and the key, respectively. The bit lengths of the plaintext and the key may be different from each other.

Furthermore, the pseudo-random number generating circuit 50 and the enciphering circuit 59 can also be realized by software (a program).

By thus using data obtained by further enciphering the pseudo-random number as a key (a file key), it can be made more difficult for a third person to guess the key.
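The pseudo-random number generating circuit 50, the shift register 58 and the "further enciphering" of the register contents, realized in software as the text permits, as an added Python example that is not the patent's own code. The feedback polynomial is F(x) = x^p + x^q + 1 as stated; the choice p = 4, q = 3 (x^4 + x^3 + 1, which is primitive) is the author's assumption, and p = 4, q = 2 (x^4 + x^2 + 1, which is not primitive) is included only to show why the text insists on a primitive polynomial: a primitive polynomial gives the maximal period 2^p - 1 from any non-zero seed. SHA-256 stands in for the enciphering circuit 59, and the seed values are constructed.

```python
import hashlib

# Added example (not the patent's code): the pseudo-random number generator of
# FIG. 13 and the shift register 58 in software. F(x) = x^p + x^q + 1 as stated;
# p = 4, q = 3 (primitive) and p = 4, q = 2 (not primitive) are constructed
# choices used for contrast. SHA-256 stands in for circuit 59 (assumption).


def lfsr_step(p, q, state):
    """One clock of a Fibonacci LFSR for x^p + x^q + 1: the p-bit state holds
    a_n .. a_(n+p-1) (LSB first); the new bit is a_(n+p) = a_n XOR a_(n+q)."""
    feedback = (state & 1) ^ ((state >> q) & 1)
    return (state >> 1) | (feedback << (p - 1))


def lfsr_bits(p, q, seed, count):
    """Output `count` bits (the oldest state bit each clock), i.e. the stream
    that the output Q4 of counter 54 feeds to the shift register 58."""
    assert 0 < seed < (1 << p) and 0 < q < p, "need a non-zero seed and 0 < q < p"
    state, out = seed, []
    for _ in range(count):
        out.append(state & 1)
        state = lfsr_step(p, q, state)
    return out


def period(p, q, seed):
    """Number of clocks until the state repeats; equals 2**p - 1 for every
    non-zero seed exactly when F(x) is primitive."""
    state, n = lfsr_step(p, q, seed), 1
    while state != seed:
        state, n = lfsr_step(p, q, state), n + 1
    return n


def generate_file_key(p, q, seed, n_bits=12):
    """Fill an n-bit shift register from the generator, then 'further encipher'
    its contents. With a 12-bit register the text uses the same 12 bits as both
    plaintext and key, so both inputs to the stand-in cipher are the register."""
    register = 0
    for b in lfsr_bits(p, q, seed, n_bits):   # shift in; first bit ends as MSB
        register = (register << 1) | b
    reg_bytes = register.to_bytes(2, "big")
    digest = hashlib.sha256(reg_bytes + reg_bytes).digest()   # key || plaintext
    return int.from_bytes(digest[:2], "big") & ((1 << n_bits) - 1)


if __name__ == "__main__":
    print("x^4+x^3+1 periods:", {s: period(4, 3, s) for s in range(1, 16)})
    print("x^4+x^2+1 periods:", {s: period(4, 2, s) for s in range(1, 16)})
    print("12-bit file key:", format(generate_file_key(4, 3, 1), "012b"))
```

Running the block prints period 15 for every seed of x^4 + x^3 + 1 and periods of at most 6 for x^4 + x^2 + 1. Note that the generator's output is a deterministic function of its seed: the unpredictability of the resulting file key rests entirely on the seed (the circuit's state at the moment the key is requested) being unknown to a third person, which is why the text pairs the generator with a further enciphering step rather than using the raw register contents.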

Second Embodiment

FIG. 14 is a block diagram showing the construction of an enciphering/deciphering device according to a second embodiment. The same units as those in the enciphering/deciphering device according to the first embodiment (see FIG. 1) are assigned the same reference numerals. The second embodiment differs from the first embodiment in that an internal storage device 11 (a ROM, a magnetic disk storage device, an optical disk storage device, etc.) is contained in a computer system 1a. The encryption/decryption program and the management key stored in the FD1 and the decryption program stored in the FD2 in the first embodiment are previously stored in the internal storage device 11. A floppy disk FD4 (which is hereinafter simply referred to as an FD4) storing a management key and an enciphered key elimination program is set in or removed from an FD drive 5. The management key stored in the internal storage device 11 and the management key stored in the FD4 are identical. The FD4 is previously distributed to a manager.

A creator enciphers and deciphers a file using the encryption/decryption program and the management key stored in the internal storage device 11. The manager deciphers a file using the management key in the FD4 and the decryption program in the internal storage device 11, and eliminates an enciphered key 1 or 2 using the enciphered key elimination program.

The flow charts showing the flow of the file encryption processing, the file decryption processing, and the enciphered key elimination processing in the second embodiment are the same as those shown in FIGS. 4 to 6, FIG. 8 and FIG. 11 in the first embodiment except for the following. Specifically, the setting of the FD1 in the step 101 is not required, and the encryption/decryption program is read out from the internal storage device 11 and is started in the step 102. In the step 110, the management key is read out from the internal storage device 11. In the steps 131 and 141, the FD4 is set in the FD drive 5. In the step 132, the decryption program is read out from the internal storage device 11 and is started.

As a modified example of the second embodiment, the decryption program is previously stored not in the internal storage device 11 but in the FD4, as in the first embodiment.

Third Embodiment

FIG. 15 is a block diagram showing the construction of an enciphering/deciphering device in a third embodiment. The same units as those in the first embodiment (FIG. 1) are assigned the same reference numerals.

The enciphering/deciphering device differs from that of the first embodiment in that an adaptor 7 is connected to a computer system 1. The adaptor 7 is a device comprising a storage device storing an encryption/decryption program, a decryption program and a management key, and a device for executing the programs (a processor, a microcomputer, etc.).

The encryption/decryption processing in the third embodiment is the same as that in the second embodiment except that the adaptor 7 executes the programs in the file encryption processing, the decryption processing, and the enciphered key elimination processing, and that the encryption/decryption program and the decryption program are read out from the storage device inside the adaptor 7; hence, the description thereof is not repeated.

The adaptor 7 can also comprise a floppy disk drive. An FD1 storing the encryption/decryption program and the management key is set in the floppy disk drive, whereby the adaptor 7 can also execute the encryption/decryption program in the FD1 to perform encryption and decryption processing.

Fourth Embodiment

In a fourth embodiment, the secret key in the first embodiment is not entered by a creator (step 108 in FIG. 4) but is automatically generated by the above-mentioned key generation processing (FIG. 12 or 13). The hardware in the first to third embodiments can be employed as the hardware of the enciphering/deciphering device.

FIGS. 16 to 18 are flow charts showing the flow of processing in a case where the enciphering/deciphering device according to the first embodiment is used. The processing in the steps 101 to 107 is the same as that in the first embodiment (FIG. 4) and hence, the description thereof is not repeated. In the step 168, a secret key is automatically generated by the above-mentioned key generation processing (FIG. 12 or 13). The generated secret key is used for enciphering a file key (step 109), and is then stored in an FD1 with a correspondence established with the file name of the enciphered file (step 169). The file name of the enciphered file becomes the identification code (ID) of the secret key. The processing in the steps 110 to 113 (which is the same as that in the first embodiment) is then performed.

At the time of deciphering the enciphered file (NO in step 103), the file name of the enciphered file (the ID of the secret key) stored in the FD1 in the step 169 is read out from the FD1, and is displayed on a display screen of a display device 2 (step 170). Subsequently, the file name of the enciphered file (the ID of the secret key) to be deciphered is entered into a computer system 1 from an input device 3 by the creator (step 171). The secret key stored with a correspondence established with the entered file name is read out from the FD1 (step 172), and is stored in an internal memory in the computer system 1.

An FD3 is then set in an FD drive 6 (step 173). The enciphered file having the file name entered in the step 171 is read out from the FD3 (step 174), and is stored in the internal memory in the computer system 1. Decryption processing is performed on the basis of the secret key and the enciphered file read out (steps 119 and 120).

The processing by the decryption program and the enciphered key elimination program in an FD2 is entirely the same as the processing in the flow charts respectively shown in FIGS. 8 and 11 and hence, the description thereof is not repeated.

Since in the fourth embodiment the secret key is automatically generated and is stored in the FD1 with a correspondence established with the file name of the enciphered file, the creator need not manage the secret key.

Fifth Embodiment

In a fifth embodiment, a plurality of different management keys are previously stored in an FD1. FIG. 19 illustrates a portion of an FD drive 5 of an enciphering/deciphering device together with an FD1 and an FD2. The other units are the same as those in the first embodiment (FIG. 1).

n management keys (taken as M1 to Mn) are previously stored in the FD1. Identification codes are previously assigned to the management keys M1 to Mn, respectively. The management keys and the identification codes are stored in the FD1 and the FD2 with a correspondence established between them. One management key Mi (i=1 to n) out of the management keys M1 to Mn is previously stored in the FD2. Distribution can take such a form that the FD2 storing the management key Mi is distributed to one manager and an FD2 storing a management key Mj (i≠j) is distributed to another manager.

FIGS. 20 and 21 are flow charts showing the flow of processing in a case where a creator enciphers a file using an encryption/decryption program in the FD1. The steps 101 to 109 are the same as those in the processing according to the first embodiment (see FIG. 4) and hence, the description thereof is not repeated.

After the file key is enciphered using a secret key (step 109), the identification codes of the management keys are read out from the FD1 and are displayed on a display screen of a display device 2 (step 181). The contents of the management keys themselves are not displayed. The creator selects one of the displayed identification codes (step 182). The management key corresponding to the selected identification code is read out, and the file key is enciphered using that management key to generate an enciphered key 2 (step 183). An enciphered file is then created (step 111) and is stored in an FD3 (steps 112 and 113).

The enciphered file has the data structure illustrated in FIG. 22. Specifically, the identification code of the management key used for enciphering the file key to generate the enciphered key 2 is placed between the enciphered key 2 and the ciphertext. This identification code is used when a manager deciphers the enciphered file using a decryption program in the FD2. FIGS. 23 and 24 are flow charts showing the flow of processing in a case where the manager deciphers the enciphered file using the decryption program in the FD2.

Processing in the steps 131 to 117 is the same as that in the first embodiment (FIG. 8) and hence, the description thereof is not repeated. When the enciphered file is read out from the FD3 (step 117), the identification code of the management key included in the enciphered file is read out, and the management key corresponding to that identification code is looked up in the FD2. If the management key corresponding to the identification code is stored in the FD2 (YES in step 185), processing in the steps 134 and 135 (which is the same as that shown in FIG. 8) is performed. If the management key corresponding to the identification code is not stored in the FD2 (NO in step 185), a message reporting that decryption is impossible is displayed on the display screen of the display device 2 (step 186), and the processing is terminated.

Processing in a case where the creator deciphers the enciphered file (NO in step 103) is entirely the same as that in FIG. 6 (the first embodiment) and hence, the description thereof is not repeated. Further, elimination processing of the enciphered key 1 using an enciphered key elimination program in the FD2 is the same as that in the flow chart shown in FIG. 11 (the first embodiment) and hence, the description thereof is not repeated.

In the fifth embodiment, the creator can select, when a plaintext file is enciphered, a management key which the intended manager of the enciphered file holds. That is, the creator can use a different management key for each enciphered file as appropriate.
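The following is an added example and not code from the patent. It models in Python the creator-side and manager-side processing of the fifth embodiment (FIGS. 20 to 24): a random file key enciphers the plaintext, the file key is wrapped once under the creator's secret key (enciphered key 1) and once under the selected management key (enciphered key 2), the identification code of the management key is recorded beside enciphered key 2 (FIG. 22), and the manager's lookup reports decryption impossible when the named key is absent (NO in step 185, step 186). The manager's key ring may hold several management keys, which also covers the sixth embodiment and the hierarchical distribution of applied examples (1) and (2) below; a newly generated management key of the seventh embodiment is simply one more entry in the creator's table. The cipher is an HMAC-SHA256 counter-mode keystream with an encrypt-then-MAC tag, a stand-in for whatever cipher the device uses, and every function and field name is this example's own assumption.

```python
import hashlib
import hmac
import os
from typing import Dict, NamedTuple, Optional


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a stand-in keystream generator."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    # Separate keys for the keystream and for the tag, both derived from `key`.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def encipher(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decipher(key: bytes, blob: bytes) -> bytes:
    """Inverse of encipher; raises ValueError when the tag does not verify."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: wrong key or corrupted data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class EncipheredFile(NamedTuple):
    """The FIG. 22 layout as a record (field names are this example's own)."""
    enciphered_key_1: bytes   # file key under the creator's secret key
    enciphered_key_2: bytes   # file key under the selected management key
    management_key_id: str    # identification code placed beside enciphered key 2
    ciphertext: bytes


def create_enciphered_file(plaintext: bytes, secret_key: bytes,
                           management_keys: Dict[str, bytes],
                           selected_id: str) -> EncipheredFile:
    """Creator side (FIGS. 20 and 21). Only identification codes are shown to
    the creator, so `management_keys` is indexed by code (the FD1 table)."""
    file_key = os.urandom(32)
    return EncipheredFile(
        enciphered_key_1=encipher(secret_key, file_key),
        enciphered_key_2=encipher(management_keys[selected_id], file_key),
        management_key_id=selected_id,
        ciphertext=encipher(file_key, plaintext),
    )


def creator_decipher(f: EncipheredFile, secret_key: bytes) -> bytes:
    """Creator side (FIG. 6): unwrap the file key with the secret key."""
    return decipher(decipher(secret_key, f.enciphered_key_1), f.ciphertext)


def manager_decipher(f: EncipheredFile, key_ring: Dict[str, bytes]) -> Optional[bytes]:
    """Manager side (FIGS. 23 and 24). `key_ring` maps identification codes to
    the management keys held on the manager's FD2. Returns None when the key
    named in the file is not on the ring (NO in step 185), the 'decryption
    impossible' case of step 186."""
    management_key = key_ring.get(f.management_key_id)
    if management_key is None:
        return None
    return decipher(decipher(management_key, f.enciphered_key_2), f.ciphertext)


if __name__ == "__main__":
    # Constructed demo of applied example (1): keys MA to MD; the president's
    # FD21 holds all four, the chief's FD24 holds only MD.
    keys = {name: os.urandom(32) for name in ("MA", "MB", "MC", "MD")}
    secret_key_s = os.urandom(32)
    info_a = create_enciphered_file(b"president only", secret_key_s, keys, "MA")
    print(manager_decipher(info_a, keys))                 # FD21: b'president only'
    print(manager_decipher(info_a, {"MD": keys["MD"]}))   # FD24: None
```

Because the management key is looked up by identification code and never by content, a manager's FD2 can be handed any subset of the codes, and a file names the one code it requires; a wrong key that happens to be present under the right code fails at the tag check rather than yielding garbage plaintext.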

Modified examples of the fifth embodiment include one comprising an internal storage device 11 as in the second embodiment, one comprising an adaptor 7 as in the third embodiment, and one automatically generating a secret key as in the fourth embodiment.

Sixth Embodiment

In a sixth embodiment, a plurality of different management keys are stored in an FD1, and all or some of those management keys are stored in an FD2. FIG. 25 illustrates a portion of an FD drive 5 in an enciphering/deciphering device together with an FD1 and an FD2. The other units are the same as those in the first embodiment (FIG. 1). n management keys M1 to Mn are previously stored in the FD1. As one example, three management keys Mi, Mj and Mk (i, j, k=1 to n; i, j and k mutually different) out of the management keys M1 to Mn are previously stored in the FD2. Identification codes are previously assigned to the management keys M1 to Mn, respectively. The management keys and the identification codes are stored in the FD1 and the FD2 with a correspondence established between them.

Processing in a case where a creator enciphers and deciphers a file using an encryption/decryption program in the FD1 is the same as that in the fifth embodiment. Processing in a case where a manager deciphers a file using a decryption program in the FD2, and processing in a case where a manager eliminates an enciphered key 1 using an enciphered key elimination program, are also the same as those in the fifth embodiment (and the first embodiment) and hence, the description thereof is not repeated herein.

Modified examples of the sixth embodiment include one comprising an internal storage device 11 as in the second embodiment, one comprising an adaptor 7 as in the third embodiment, and one automatically generating a secret key as in the fourth embodiment.

Seventh Embodiment

In a seventh embodiment, a management key is newly generated. The hardware of the fifth embodiment or the sixth embodiment can be employed as the hardware of the enciphering/deciphering device.

FIGS. 26 to 28 are flow charts showing the flow of processing in a case where a creator enciphers a file using an encryption/decryption program in an FD1. Processing in the steps 101 to 109 and 181 is the same as that in the fifth embodiment (FIGS. 20 and 21) and hence, the description thereof is not repeated. The creator chooses whether the file key is to be enciphered using a management key corresponding to one of the displayed identification codes, or using a newly generated management key (step 191). If one of the existing management keys is to be used (NO in step 191), one of the displayed identification codes is selected (step 182). The file key is enciphered using the management key corresponding to the selected identification code, to generate an enciphered key 2 (step 183). Processing in the steps 111 to 113 is performed in the same manner as that shown in FIG. 21.

When a new management key is to be generated instead of using a management key stored in the FD1 (YES in step 191), the new management key (taken as M_(n+1)) is generated by the above-mentioned key generation processing (FIG. 12 or FIG. 13) (step 192). An identification code is generated in correspondence with the generated management key M_(n+1), and the management key M_(n+1) and its identification code are stored in the FD1 (step 193). An FD2 is then set in the FD drive 5 by the creator (step 194). If there are a plurality of FD2s, any one of them can be set. The management key M_(n+1) and its identification code are stored in the FD2 thus set (step 195). Processing in the step 183 and the subsequent steps is then performed.

Processing in a case where the creator performs decryption processing using the encryption/decryption program in the FD1 (NO in step 103) is entirely the same as that shown in FIG. 6 and hence, the description thereof is not repeated. Decryption processing performed by a manager using a decryption program in the FD2 is entirely the same as that in the fifth embodiment (FIGS. 23 and 24) and hence, the description thereof is not repeated. Elimination processing of an enciphered key 1 using an enciphered key elimination program in the FD2 is also the same as that in the flow chart shown in FIG. 11 and hence, the description thereof is not repeated.

By storing the newly generated management key M_(n+1) in an FD2, a new FD2 holding the management key M_(n+1) can be produced.

Modified examples of the seventh embodiment include one comprising an internal storage device 11 as in the second embodiment, one comprising an adaptor 7 as in the third embodiment, and one automatically generating a secret key as in the fourth embodiment.

Applied Examples

(1) Distribution of management keys corresponding to the management system in a company or the like

FIG. 29 illustrates one applied example using an enciphering/deciphering device. Consider a company or the like having a hierarchical management system in which there are a general manager, a section manager and a chief under a president.

An FD21 storing management keys MA, MB, MC and MD is previously distributed to the president. An FD22 storing the management keys MB, MC and MD is previously distributed to the general manager. An FD23 storing the management keys MC and MD is previously distributed to the section manager. An FD24 storing the management key MD is previously distributed to the chief. The decryption program in the fifth or sixth embodiment is stored in each of the FD21 to FD24. An FD1 storing a secret key S and the management keys MA to MD (and an encryption/decryption program) is given to a creator. The creator may, in some cases, be a mere staff member or a manager such as the president. The hardware and the software in the sixth or seventh embodiment can be employed as the hardware and software of the enciphering/deciphering devices used by the creator and the managers.

The enciphered key 2 included in enciphered information A (an enciphered file) and the enciphered key 2 included in enciphered information B can be deciphered to obtain their file keys using the management key MA and the management key MB, respectively. The enciphered key 2 included in enciphered information C and the enciphered key 2 included in enciphered information D can be deciphered using the management key MC and the management key MD, respectively. Further, the enciphered information A is taken as information of the highest secrecy, which only the president can see by decryption, and the enciphered information B is taken as information which persons not lower in position than the general manager can see. The enciphered information C is taken as information which persons not lower in position than the section manager can see, and the enciphered information D is taken as information which persons not lower in position than the chief can see.

The creator selects the management key used for encryption processing depending on the secrecy of the generated information. For example, information which only the president may see is enciphered using the management key MA. By distributing one or a plurality of management keys to each manager and selecting the management key according to the level of secrecy (importance) of the information, enciphered information can be produced and managed in accordance with that level of secrecy.

(2) Network data base system

FIG. 30 is a block diagram showing the construction of a network data base system. The network data base system comprises a data base system 60, clients 63 to 68 (for example, computer systems each comprising a communication device), and a communication line 69 connecting the data base system 60 and the clients 63 to 68. The data base system 60 comprises a server 61 (a communication device, a computer system comprising a communication circuit, etc.) and a storage device 62 (a magnetic disk storage device, an optical disk storage device, etc.). The server 61 includes a device for retrieving information (a file) stored in the storage device 62.

The hardware and the software shown in the fifth or sixth embodiment can be employed as the hardware and software of the clients 63 to 68. The hardware is provided with a communication device for communicating over the communication line 69. Enciphered files 1 to 4 are stored in the storage device 62. The enciphered file 1 includes enciphered information A1 and an enciphered key KA1. The enciphered file 2, the enciphered file 3 and the enciphered file 4 respectively include enciphered information A2 and an enciphered key KA2, enciphered information B and an enciphered key KB, and enciphered information C and an enciphered key KC. The enciphered keys KA1 to KC correspond to the above-mentioned enciphered key 2. A key corresponding to the enciphered key 1 is also included in each of the files, if required.

The enciphered key KA1 is obtained by enciphering, using a management key MA, the file key used when the enciphered information A1 was generated (that is, when plaintext was enciphered to generate the enciphered information A1). The enciphered key KA2 is obtained by enciphering, using the same management key MA, the file key used when the enciphered information A2 was generated. The enciphered key KB is obtained by enciphering, using a management key MB, the file key used when the enciphered information B was generated. The enciphered key KC is obtained by enciphering, using a management key MC, the file key used when the enciphered information C was generated.

The management key MA is previously distributed only to the clients 63 and 66. The management key MB is previously distributed only to the clients 63, 64, 66 and 67. The management key MC is previously distributed to all the clients 63 to 68.

The server 61 and each of the clients 63 to 68 communicate with each other through the communication line 69. Each of the clients 63 to 68 designates an enciphered file to be referred to (read) and transmits a reference request to the server 61. The server 61 receives the request and retrieves the designated enciphered file from the storage device 62. The retrieved enciphered file is transmitted from the server 61 to the requesting client via the communication line 69. The clients 63 and 66, each having the management keys MA to MC, can decipher and refer to (read) all the enciphered files 1 to 4. The clients 64 and 67, each having only the management keys MB and MC, can decipher and refer to only the enciphered files 3 and 4. The clients 65 and 68, each having only the management key MC, can decipher and refer to only the enciphered file 4.

By thus enciphering the file keys of the respective pieces of enciphered information using different management keys, and making the management keys distributed to the respective clients differ from each other, the files (information) which each client can refer to can be made different from client to client, so that the files are readable in a discriminating manner.

(3) Electronic mail system

FIG. 31 is a block diagram showing the construction of an electronic mail system. The electronic mail system comprises a mail center 70, communication devices 73 to 78, and a communication line 79 connecting the mail center 70 and the communication devices 73 to 78. The mail center 70 comprises a communication device 71 (including a computer system comprising a communication circuit) and a storage device 72 (a magnetic disk storage device, an optical disk storage device, etc.). Each of the communication devices 73 to 78 can be a sending station or a receiving station of mail. The hardware and the software in the fifth to seventh embodiments can be employed as the hardware and software of the communication devices 73 to 78. The hardware is provided with a communication device for communicating over the communication line 79.

Consider a case where the communication device 74 (the sending station) transmits mail (taken as mail a) to the communication devices 75 and 77 (the receiving stations). The sending station 74 generates a management key MA and distributes (transmits) the key MA to the receiving stations 75 and 77. In the sending station 74, a key kA is generated, and the mail a is enciphered using the key kA to create enciphered mail A. The key kA is enciphered using the management key MA to generate an enciphered key KA. An enciphered file 1 is created from the enciphered mail A and the enciphered key KA. The enciphered file 1 is transmitted to the mail center 70 and is stored in the storage device 72. At the same time, the sending station 74 transmits to the receiving stations 75 and 77 a notification (taken as a notification A) that it has transmitted the mail a (or the enciphered mail A). The notification A includes an identification code for identifying the enciphered file 1 among the plurality of files (mail) stored in the mail center 70.

The receiving stations 75 and 77, having received the notification A, read out the enciphered file 1 from the mail center 70 on the basis of the identification code included in the notification A. Each of the receiving stations 75 and 77 deciphers the enciphered key KA included in the enciphered file 1 using the management key MA to obtain the key kA, and deciphers the enciphered mail A using the key kA to obtain the mail a.

Instead of transmitting the management key MA to the receiving stations 75 and 77 prior to the notification A, the sending station 74 may transmit the management key MA contained in the notification A. In either case the management key MA must reach only the intended receiving stations, since anyone holding MA can decipher the enciphered key KA and hence the mail a; the secrecy of the mail rests on the secrecy of the management key.

Processing is similar in a case where the sending station 74 transmits mail different from the mail a (taken as mail b) to the communication device 73 (the receiving station). Specifically, a management key MB generated in the sending station 74 is sent to the receiving station 73. The mail b is enciphered using a generated key kB to create enciphered mail B. The key kB is enciphered using the management key MB to generate an enciphered key KB. An enciphered file 2 is created from the enciphered mail B and the enciphered key KB, and is stored in the mail center 70. A notification B is then transmitted to the receiving station 73. The receiving station 73 reads out the enciphered file 2 from the mail center 70, deciphers the enciphered key KB included in the enciphered file 2 using the management key MB to obtain the key kB, and further deciphers the enciphered mail B using the key kB to obtain the mail b.

In the electronic mail system, even when mail is transmitted from a sending station to a plurality of receiving stations, the mail need only be transmitted to one mail center, whereby the communication cost on the side of the sending station can be reduced. Even if a third person who is not a recipient of the mail can read the mail stored in the mail center or the mail on the communication line, he or she cannot know the contents thereof, whereby the secrecy of the mail is achieved.

Other examples of the electronic mail system include one in which the communication devices 73 to 78 each comprise a storage device storing an enciphered file (enciphered mail and an enciphered key). In a sending station, the enciphered file to be transmitted is stored in the storage device provided in the sending station, and a receiving station reads out the enciphered file from the storage device in the sending station. In this case, no mail center need be provided.

(4) Electronic bulletin board system

FIG. 32 is a block diagram showing the construction of an electronic bulletin board system. The electronic bulletin board system comprises an electronic bulletin board device 80, clients 83 to 88 (communication devices, computer systems comprising a communication circuit, etc.), and a communication line 89 connecting the electronic bulletin board device 80 and the clients 83 to 88. The electronic bulletin board device 80 comprises a server 81 (a communication device, a computer system comprising a communication circuit, etc.) and a storage device 82 (a magnetic disk storage device, an optical disk storage device, etc.).

The electronic bulletin board device 80 is an electronic implementation of a bulletin board. The clients 83 to 88 store information to be put up in the storage device 82 via the server 81. All the clients 83 to 88 can refer to the information put up, which is stored in the storage device 82, just as with information posted on a physical bulletin board.

The server 81 includes an encryption/decryption program (or an enciphering (deciphering) circuit) and a key generation program (or a key generating circuit). When any of the clients 83 to 88 issues a request to the server 81 to generate a management key, the server 81 generates a management key. The generated management key is transmitted to the client that issued the request. That client distributes the generated management key to the other client which is to be allowed to see the information put up on the bulletin board, and the client itself also holds the management key. The client to which the management key is distributed also holds the distributed management key.

Consider by way of example a case where information (taken as information a) which the client 83 (Mr. Ozawa) wishes only the client 87 (Mr. Hosokawa) to refer to (read) is put up on the electronic bulletin board. The client 83 issues a request to the server 81 to generate a management key. The management key (taken as MA) generated by the server 81 is sent to the client 83. The client 83 transmits (distributes) the management key MA to the client 87 and also holds the management key MA itself. The client 83 then transmits the information a to be put up on the electronic bulletin board, together with the management key MA, to the server 81. The server 81 generates a key kA by its key generation program (or key generating circuit), enciphers the information a using the key kA to generate enciphered information A, and enciphers the key kA using the management key MA to generate an enciphered key KA. An enciphered file 1 is created from the enciphered information A, the enciphered key KA and a message "Mr. Hosokawa" indicating that the information put up is directed to Mr. Hosokawa. The enciphered file 1 is stored in the storage device 82 and is thereby put up. The message "Mr. Hosokawa" is put up as it is, without being enciphered.

The information put up can be referred to by all the clients 83 to 88, but only the client 87 who has the management key MA (Mr. Hosokawa) and the client 83 who put up the information (Mr. Ozawa) can decipher and refer to the enciphered information A. The client 87 sees the message "Mr. Hosokawa" and confirms that the information put up is directed to itself. The client 87 transmits to the server 81 a request to decipher the enciphered information A, together with the management key MA. The server 81 deciphers the enciphered key KA using the management key MA to obtain the key kA, and deciphers the enciphered information A using the key kA to obtain the information a. The information a is transmitted to the client 87. Consequently, the client 87 can learn the contents of the information a put up.

The same processing is performed in a case where there is information (an enciphered file 2) which the client 83 wishes only the client 84 (Mr. Kono) to refer to.

By thus applying encryption processing using a management key to an electronic bulletin board system, an electronic bulletin board system can be realized in which information can be referred to (read) only by a particular person.

Each of the clients 83 to 88 can also comprise a key generation program (or a key generating circuit), an encryption/decryption program (or an enciphering (deciphering) circuit), or both, so that the key generation and the encryption processing of the information to be put up and of the key, performed by the server 81 above, are instead performed in whole or in part by the client.

(5) Encryption/decryption of authenticator

FIG. 33 illustrates an example in which encryption/decryption processing is applied to an authenticator used for authentication (a judgment as to whether transmitted information has reliably been received) in the transmission and receipt of information in the electronic mail system and the electronic bulletin board system mentioned above. The hardware of the electronic mail system and the electronic bulletin board system can be employed as the hardware of the communication system. As the hardware of a transmitter 200 and a receiver 220, the hardware in the first to seventh embodiments provided with a communication device can be used. Further, software or hardware for enciphering and deciphering an authenticator as described below is added to the software or hardware of the first to seventh embodiments in the transmitter 200 and the receiver 220.

The same management key is previously given to the transmitter 200 and the receiver 220, where it is held as the management key 205 and the management key 224, respectively.

In the transmitter 200, a key 204 is generated (or entered by an operator). Transmission information 201 (for example, the above-mentioned information to be put up, or mail) for the receiver 220 is enciphered using the key 204 to generate enciphered information 211. The key 204 is enciphered using a management key 205 to generate an enciphered key 212. An authenticator 202, for confirming whether the receiver 220 has reliably received the information, is also enciphered using the key 204 to generate an enciphered authenticator 213 (an enciphered authenticator 1). The authenticator 202 is composed of signs (for example, a string of characters), sentences or the like determined arbitrarily by the sending person. Transmission information 210 including the enciphered information 211, the enciphered key 212 and the enciphered authenticator 213 is transmitted to the receiver 220.

In the receiver 220, the enciphered key 212 included in the transmission information 210 is deciphered using the management key 224 to obtain a key 223. The key 223 is, of course, the same as the key 204. The enciphered information 211 included in the transmission information 210 is deciphered using the key 223 to obtain information 221 (which is the same as the information 201). The enciphered authenticator 213 included in the transmission information 210 is also deciphered using the key 223 to obtain an authenticator 222 (which is the same as the authenticator 202). Further, in the receiver 220, the authenticator 222 is enciphered using the management key 224 to generate an enciphered authenticator 231 (an enciphered authenticator 2). Return information 230 including the enciphered authenticator 231 is transmitted (returned) from the receiver 220 to the transmitter 200.

In the transmitter 200, the enciphered authenticator 231 included in the return information 230 is deciphered using the management key 205 to obtain an authenticator 203. Whether the authenticator 203 is the same as the authenticator 202 is then confirmed. If the authenticators 202 and 203 are the same, it is confirmed that the transmission information 210 was received by the correct receiver 220 (receiving person). Because only a receiver holding the management key can recover the key 204, and with it the authenticator, and encipher the authenticator again, a receiver other than the correct one that has obtained the transmission information cannot return a valid authenticator while pretending to be the correct receiving person.

In the transmitter 200, the authenticator 202 may alternatively be enciphered using the management key 205 and transmitted to the receiver 220, and in the receiver 220 the received authenticator 222 may be enciphered using the key 223 and returned to the transmitter 200. The management key may also be transmitted in secret beforehand from the transmitter 200 to the receiver 220.
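An added example, not code from the patent, of the FIG. 33 exchange with both sides' messages. The transmitter wraps a fresh key 204 under the shared management key, enciphers the information 201 and the authenticator 202 under the key 204, and accepts the return 230 only if the authenticator deciphered with the management key equals the one it sent. A station that lacks the management key recovers a wrong key 223 and therefore returns a wrong authenticator. The keyed XOR pad (an HMAC-SHA256 keystream with one label per field and per message) stands in for the device's cipher; the message identifier, the dictionary message format and all names are this example's own assumptions, and the one-time consumption of each pending authenticator is this example's handling rather than something the page describes.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


def _pad(key: bytes, label: bytes, length: int) -> bytes:
    """HMAC-SHA256 keystream; one label per field so a pad is never reused."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, label + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def xor_pad(key: bytes, label: bytes, data: bytes) -> bytes:
    """Stand-in cipher: enciphering and deciphering are the same operation."""
    return bytes(d ^ p for d, p in zip(data, _pad(key, label, len(data))))


class Transmitter:
    def __init__(self, management_key: bytes):
        self.management_key = management_key          # management key 205
        self.pending: Dict[bytes, bytes] = {}         # message id -> authenticator 202

    def send(self, information: bytes, authenticator: bytes) -> Dict[str, bytes]:
        """Build transmission information 210 from a fresh key 204."""
        key = os.urandom(32)                          # key 204
        msg_id = os.urandom(8)                        # ties the return to this message
        self.pending[msg_id] = authenticator
        return {
            "id": msg_id,
            "information": xor_pad(key, b"info", information),               # 211
            "key": xor_pad(self.management_key, b"key:" + msg_id, key),       # 212
            "authenticator": xor_pad(key, b"auth", authenticator),           # 213
        }

    def verify_return(self, ret: Dict[str, bytes]) -> bool:
        """Decipher enciphered authenticator 231 with the management key and
        compare it with authenticator 202. Each message is checked once."""
        expected = self.pending.pop(ret["id"], None)
        if expected is None:
            return False
        got = xor_pad(self.management_key, b"return:" + ret["id"], ret["authenticator"])  # 203
        return hmac.compare_digest(got, expected)


class Receiver:
    def __init__(self, management_key: bytes):
        self.management_key = management_key          # management key 224

    def receive(self, msg: Dict[str, bytes]) -> Tuple[bytes, Dict[str, bytes]]:
        """Recover information 221 and authenticator 222; build return information 230."""
        key = xor_pad(self.management_key, b"key:" + msg["id"], msg["key"])        # key 223
        information = xor_pad(key, b"info", msg["information"])                    # 221
        authenticator = xor_pad(key, b"auth", msg["authenticator"])                # 222
        ret = {"id": msg["id"],
               "authenticator": xor_pad(self.management_key, b"return:" + msg["id"],
                                        authenticator)}                            # 231
        return information, ret


if __name__ == "__main__":
    # Constructed run: both stations share one management key; an impostor
    # station holding a different key returns a wrong authenticator.
    mk = os.urandom(32)
    tx, rx = Transmitter(mk), Receiver(mk)
    msg = tx.send(b"information a", b"authenticator chosen by sender")
    info, ret = rx.receive(msg)
    print(info, tx.verify_return(ret))                # b'information a' True
    _, bad = Receiver(os.urandom(32)).receive(tx.send(b"x", b"y"))
    print(tx.verify_return(bad))                      # False
```

The per-message identifier in the labels keeps the pad derived from the management key distinct for every message and for the two directions; without it, two wraps of different keys 204 under the same management key would share a pad, which the page's description leaves to the underlying cipher.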

Eighth Embodiment

(1) System Configuration, Encryption/decryption processing

FIG. 34 is a block diagram showing the construction of an enciphering/deciphering device in an eighth embodiment. In FIG. 34, the same units as those shown in FIG. 1 are assigned the same reference numerals and hence, the description thereof is not repeated.

In the enciphering/deciphering device shown in FIG. 34, one supervisor floppy disk (hereinafter referred to as an SVFD) and a plurality of operation floppy disks (hereinafter referred to as OPFDs) managed by that SVFD are defined. The plurality of OPFDs managed by one SVFD are distinguished from the plurality of OPFDs managed by another SVFD.

In the enciphering/deciphering device shown in FIG. 34, an FD drive 7 and a hard disk drive (hereinafter referred to as an HD drive) 8 are added to the construction of the enciphering/deciphering device shown in FIG. 1. The FD drive 5 or the FD drive 6 can, of course, also serve as the FD drive 7.

In the enciphering/deciphering device shown in FIG. 34, a first OPFD1 or the SVFD is set in or removed from the FD drive 5. A second OPFD2 is set in or removed from the FD drive 7.

The HD drive 8 reproduces data recorded on a hard disk (hereinafter referred to as an HD) and records data on the HD.

The first OPFD1 stores a program file, a secret key file, a management key file, a secret key, and the like, as described in detail later. The SVFD stores a program file, a management key file, a registered name reading file, and the management keys of all the OPFDs put under its own management. The second OPFD2 stores a program file, a secret key file, a management key file, a secret key, the management keys of the other OPFDs put under the management of the same SVFD, and the like.

In the enciphering/deciphering device shown in FIG. 34, data can be transferred between the OPFD1 and the OPFD2, between the OPFD1 or the OPFD2 and the HD, and between the SVFD and the HD.

FIG. 35a shows how encryption processing is performed according to an encryption/decryption program stored in the OPFD1 which a worker has, and FIG. 35b shows how decryption processing is performed according to the same program. The processing shown in FIGS. 35a and 35b is substantially the same as the processing shown in FIGS. 3a and 3b.

In the encryption processing shown in FIG. 35a, the secret key 47 and the management key 48 used for the encryption processing are stored in the OPFD1 in enciphered form (although the first OPFD1 is illustrated in FIGS. 35a and 35b, any OPFD managed by the SVFD may be used in the same way as the first OPFD1). The enciphered secret key 47 and management key 48 are read out from the OPFD1 and deciphered; the OPFD1 holds the decryption program for this purpose. An enciphered key 1 is generated using the deciphered secret key 47, and an enciphered key 2 is generated using the deciphered management key 48. The generated enciphered keys 1 and 2 are stored in an enciphered file 43. This processing is the same as the processing shown in FIG. 3a.

In the decryption processing shown in FIG. 35b, the enciphered secret key 47 is read out from the OPFD1 and deciphered to obtain the secret key. The enciphered key 1 is read out from the enciphered file 43 and is deciphered using the deciphered secret key 47. Consequently, the file key 44 is obtained, and plaintext data is obtained from the ciphertext data. This processing is the same as the processing shown in FIG. 3b.

The enciphering/deciphering device shown in FIG. 34 can also perform decryption processing using an OPFD other than the OPFD1 used for the encryption processing (the second OPFD2 is illustrated here, but any other OPFD managed by the same SVFD may be used), or using the SVFD managing the OPFD1.

FIG. 36 shows processing for deciphering, using the second OPFD2 or the SVFD, data which was subjected to encryption processing using the first OPFD1. This processing is substantially the same as the processing shown in FIG. 7.

The management key of the first OPFD1 is stored in enciphered form in the second OPFD2 and in the SVFD. When the second OPFD2 or the SVFD is set in the FD drive 6 or 7, the enciphered management key 48 is read out and deciphered. The decryption program is also stored in the OPFD2 and the SVFD. The enciphered key 2 stored in the enciphered file 43 is deciphered using the deciphered management key 48 to obtain the file key 44. The ciphertext data is deciphered using the file key 44 to obtain plaintext data. This processing is the same as the processing shown in FIG. 7.

(2) Contents of File

FIG. 37 illustrates the contents of the enciphered file 43.

The enciphered file 43 stores: the version number of the OPFD used for ciphertext creation, which stores the secret key 47 and management key 48 used for generating the enciphered keys 1 and 2 as shown in FIG. 35; creator decryption inhibition information indicating whether or not inhibition of decryption by the ciphertext creator is set, as described later; the IDs stored in the OPFD used for ciphertext creation (the IDs consists of an inherent name given to the SVFD and identification data inherent to the SVFD, as described later); the IDm stored in that OPFD (the IDm consists of an inherent name given to the OPFD and identification data inherent to the OPFD, as described later); a file number IDf inherent to the enciphered file 43; the file name of the plaintext data; the enciphered key 1; the enciphered key 2; the size of the ciphertext; and the ciphertext data.

FIGS. 38 and 39 illustrate the contents of the registration files in the SVFD. The registration files in the SVFD include a management key file 1 as shown in FIG. 38 and a registered name reading file as shown in FIG. 39.

Referring to FIG. 38, the management key file 1 stores an enciphered password obtained by enciphering a password for confirming a user of the SVFD, a version number indicating the version of the SVFD (the version number is registered before shipment of the SVFD), and the IDs for the SVFD. The management key file 1 further stores, for each OPFD put under its management, the IDm of the OPFD, an enciphered management key obtained by enciphering the management key stored in the OPFD, and a customization flag (a name constituting the IDm is given to the OPFD as described later; the case where the name has been given is referred to as "customized", and the case where it has not is referred to as "not-customized"); the number of these entries corresponds to the number of OPFDs managed by the SVFD.

Referring to FIG. 39, the registered name reading file stores the IDs for the SVFD, the names of all OPFDs managed by the SVFD, and the names of the OPFDs whose management keys can be deciphered by the OPFDs managed by the SVFD.

FIGS. 40 and 41 illustrate the contents of the registration files in an OPFD. The registration files in the OPFD include a secret key file as shown in FIG. 40 and a management key file 2 as shown in FIG. 41.

Referring to FIG. 40, the secret key file stores a version number indicating the version of the OPFD, an enciphered password obtained by enciphering a password for confirming a user of the OPFD, the IDs for the SVFD managing the OPFD, the OPFD's own IDm, and an enciphered management key obtained by enciphering its own management key.

The secret key file further stores enciphered secret keys, each obtained by enciphering a secret key used for enciphering a file key, together with file numbers each inherent to an enciphered file 43; the number of these entries corresponds to the number of ciphertext data generated.

The OPFD has a program for deciphering the enciphered secret keys, but does not have a program for deciphering its own enciphered management key. In the OPFD, therefore, the secret key can be deciphered, so that the ciphertext data can be deciphered.

Referring to FIG. 41, the management key file 2 stores enciphered management keys obtained by enciphering the management keys of other OPFDs, together with the IDms of those OPFDs. Because the management key file 2 in the OPFD stores these enciphered management keys and IDms, an enciphered key 2 generated using the management key stored in another OPFD can be deciphered, so that decryption processing is made possible.

(3) Contents of Program in SVFD

FIG. 42 illustrates the contents of the program file stored in the SVFD. FIGS. 43 to 58 are flow charts corresponding to the programs stored in the program file.

FIGS. 43a and 43b are flow charts of a control program 1, mainly showing the procedure for displaying a menu panel on the display unit 2.

The SVFD is set in the FD drive 5 by a manager having the SVFD. Data representing the contents of the program file stored in the SVFD are read out by the FD drive 5, and the contents of the program file are displayed on the display unit 2 in the form shown in FIG. 42.

When a command to operate the control program 1, among the contents of the program file displayed on the display unit 2, is given from the input device 3, the operation of the control program 1 is started.

In FIG. 43a, when the operation of the control program 1 is started, the contents of the data in the management key file 1 stored in the SVFD are read out by the FD drive 5 and stored in the internal memory of the computer system 1 (step 201).

In the enciphering/deciphering device shown in FIG. 34, the contents of the data stored in the SVFD can be loaded into the HD and read out from the HD, so that encryption processing or decryption processing can be performed from there. Therefore, it is judged whether the data in the SVFD or the data in the HD into which the SVFD data have been loaded are to be read out (step 202). This judgment depends on whether a command to read out the data from the SVFD or a command to read out the data from the HD is given from the input device 3.

When the command to read out the data stored in the SVFD is given, it is judged whether or not an execution inhibition flag is set to one (step 203). The reason is that, when the contents of the data stored in the SVFD are installed in the HD as described later, the data in the SVFD are inhibited from being read out by setting the execution inhibition flag to one. When the execution inhibition flag is set to one, therefore, the control program 1 is terminated (YES in step 203).

The enciphered password and the IDs for the SVFD in the management key file 1 are stored in the SVFD by initial setting.

If the execution inhibition flag is not set to one (NO in step 203), it is judged whether or not the initial setting of the SVFD has already been finished (step 204).

If the initial setting of the SVFD has not been finished (NO in step 204), locations storing the enciphered password and the IDs are formed in the management key file 1 in the SVFD, to perform the initial setting (step 205). The version numbers of the SVFD and the OPFD have already been registered at the time of shipment.

When the initial setting is finished, indications of system registration processing and succession processing are displayed on the display unit 2, and system registration processing or succession processing is performed in accordance with a command from the input device 3 (steps 206 and 207). The system registration processing and the succession processing will be described later.

When the initial setting of the SVFD has been finished (YES in step 204), a password is entered from the input device 3 by a manager of the SVFD (step 210). It is judged whether or not the password coincides with the password represented by the enciphered password already stored in the management key file 1 (step 211).

When the passwords coincide with each other (YES in step 211), it is judged that the user of the SVFD is a fair user, whereby indications of backup erasing processing (step 212), password resetting processing (step 213), OPFD inhibition releasing processing (step 214), IDm-for-OPFD setting processing (step 215), processing for reading a name registered in an OPFD (step 216), processing for customizing an OPFD under its own management (step 217), management IDm registering processing (step 218), management key eliminating processing (step 219), ciphertext data deciphering processing (step 220), and file checking processing (step 221) are displayed on the display unit 2. The user sees these indications and gives an operation command from the input device 3 so that the desired processing is performed. Processing based on the given operation command is then performed. These processings will be described later.

In order to create a backup file of the SVFD, the user of the SVFD then designates the drive that determines the destination at which the backup file is to be stored (the FD or the HD) and enters the name of a directory (step 208), whereby the data stored in the management key file 1 and the registered name reading file and generated in steps 212 to 221 are transferred to the backup file (step 209).

FIG. 44 shows the procedure for processing according to a system registration program.

A name inherent to the SVFD and constituting the IDs is entered by the manager (step 231). The IDs is generated from the entered name and identification data inherent to the SVFD (random-number data, data indicating the time when the name is entered, and the like are used as the inherent identification data) (step 232). The generated IDs is registered in the management key file 1 and the registered name reading file (step 233).

A password to be registered in the SVFD is entered from the input device 3 by the manager (step 234). The entered password is enciphered (step 235) and registered in the management key file 1 (step 236). Since the password is registered in enciphered form, its contents cannot be learned even if another person reads out the enciphered password.

FIG. 45 shows the procedure for processing according to a succession program. The succession program transfers the data of the SVFD that have been stored in the backup file to a new SVFD in a case where the SVFD can no longer be employed, for example because it is damaged or lost, so that processing using the SVFD can continue.

Referring to FIG. 45, a command to call the backup file stored in the HD or the FD is given using the input device 3 (step 241). The enciphered password is read out from the called backup file (step 242) and deciphered (step 243).

When a password is entered from the input device 3 by the manager (step 244), it is judged whether or not it coincides with the password read out from the backup file and deciphered (step 245). When the passwords coincide with each other, it is judged that the user is a fair user, whereby the data in the management key file 1 and the registered name reading file which have been stored in the backup file are stored in a new SVFD (step 246). Consequently, processing such as decryption of ciphertext data can be performed using the new SVFD.

FIG. 46 shows the procedure for processing according to a backup erasure program, that is, processing for erasing a backup file created for backing up the SVFD.

In FIG. 46, the drive (the HD drive 8 or the FD drive) for reading the destination at which the backup file is stored (the HD or the FD) and the name of a directory are entered (step 251). Consequently, the backup file is read out (step 252). The IDs stored in the SVFD and the IDs stored in the backup file read out are compared with each other (step 253). When the two coincide (YES in step 253), it is judged that the data stored in the SVFD and the data stored in the backup file are the same, whereby the backup file is erased in accordance with a backup file erasure command entered from the input device 3 (step 254).

FIG. 47 shows the procedure for processing according to a resetting program for changing the password registered in the SVFD to a new password.

The password of the SVFD to be changed is entered from the input device 3 (step 261). If the entered password is the fair password of the SVFD to be changed, it is judged that the person attempting to change the password is a fair user, whereby entry of a new password from the input device 3 is accepted (step 262). The entered new password is enciphered (step 263) and registered in the management key file 1 (step 264). Thereafter, the password of the SVFD is the newly entered password.

If the password entered from the input device 3 in step 261 is not the fair password of the SVFD to be changed, the password cannot be changed (NO in step 261).

FIG. 48 shows the procedure for processing according to an OPFD release program. The OPFD release program releases the inhibition that is set when the data stored in an OPFD are installed in the HD to inhibit execution using the OPFD.

In a case where the inhibition of execution using the OPFD is to be released, an instruction to insert the OPFD whose inhibition is to be released into the FD drive is displayed on the display unit 2 (step 271). When the OPFD is mounted on the FD drive, the secret key file stored in the OPFD is read out (step 272). When the secret key file is read out, it is judged whether or not the IDs stored in the secret key file coincides with the IDs read out from the SVFD and stored in the internal memory of the computer system 1 (step 273). If the two coincide, the inhibition of execution using the OPFD put under the management of the SVFD is released (step 274). Consequently, the inhibition of execution using the OPFD, which was set by installing the data in the OPFD in the HD, is released. Even when the HD is damaged so that the data cannot be read out from the HD, the data stored in the OPFD can thus be read out.

FIG. 49 shows the procedure for processing according to a program for registering an IDm for an OPFD.

Names inherent to the OPFDs are respectively set in the OPFDs, which are handed over to the workers using the respective OPFDs. The processing procedure for setting names inherent to OPFDs is shown in FIG. 49.

A name inherent to an OPFD is entered using the input device 3 (step 281). The IDm for the OPFD is generated from the entered inherent name and identification data inherent to the OPFD (step 282). Further, a management key inherent to the OPFD is generated (step 283) and enciphered (step 284).

The generated IDm and the enciphered management key corresponding to the IDm are registered in the management key file in the SVFD (step 285). The inherent name entered from the input device 3 is also stored in the registered name reading file in the SVFD (step 286).

It is then judged whether or not the generated IDm and the enciphered management key are to be registered in the OPFD (step 287). When a command to manage the IDm and the enciphered management key is given from the input device 3 (YES in step 287), an instruction to insert the OPFD is displayed on the display unit 2 (step 288). When the OPFD is mounted on the FD drive, the IDs for the SVFD, the OPFD's own IDm, and the enciphered management key are stored in the secret key file in the OPFD (step 289).

FIG. 50 shows the procedure for processing according to a registered name reading program. The registered name reading program reads the names of the OPFDs managed by the SVFD.

When a registered name reading command is given from the input device 3, the management key file is read from the SVFD (step 291). Consequently, the names of all OPFDs under the management of the SVFD are displayed on the display unit 2 (step 292). The desired OPFD name out of the names displayed on the display unit 2 is entered from the input device 3 (step 293).

The registered name reading file is then read (step 294). When the registered name reading file is read, the name of the other OPFD which can be deciphered using the OPFD designated by the input device 3 (the name of the OPFD to be managed) is retrieved from the data stored in the read registered name reading file, and the retrieved name is displayed on the display unit 3 (step 295).

By the registered name reading processing, it can be known which of the OPFDs was used for encryption and whether or not the result of the encryption can be deciphered using the SVFD.

FIG. 51 shows the procedure for processing according to an OPFD customization program. The OPFD customization program stores the IDs for the SVFD managing an OPFD, the IDm for the OPFD and an enciphered management key in the secret key file of an OPFD put under the management of the SVFD, thereby customizing the OPFD.

In FIG. 51, when a command to operate the OPFD customization program is entered from the input device 3, an instruction to insert the OPFD to be customized into the FD drive is displayed on the display unit 2.

When the OPFD to be customized is set in the FD drive, the secret key file stored in the OPFD is read out and stored in the internal memory of the computer system 1 (step 302).

Furthermore, the names of the OPFDs stored in the management key file 1 in the SVFD are displayed, and the name of the OPFD to be customized is entered from the input device 3 (step 303). The IDs, IDm and enciphered management key of the OPFD having the entered name are read out from the management key file 1 of the SVFD and registered in the secret key file of the OPFD to be customized (step 304). The OPFD has thereby been customized, so a customization flag is set to one for the IDm of the customized OPFD in the management key file 1 in the SVFD (step 305).

It is then judged whether or not an OPFD whose name has already been customized once is to be customized again under that name (step 306). This re-registration of the OPFD is executed when an old OPFD is replaced by a new OPFD, for example.

In the case of re-registration of the OPFD (YES in step 306), the registered name reading file is read out and searched for the name of the OPFD before the re-registration (step 307). When the name of the OPFD before the re-registration is found, that name and the names of the other OPFDs stored in association with it are erased from the registered name reading file (step 308). If it is not a case of re-registration (NO in step 306), the processing in steps 307 and 308 is skipped.

It is then judged whether or not the management key of another OPFD is to be registered (step 309). By registering the management key of another OPFD, data enciphered using that OPFD can be deciphered.

When the management key of another OPFD is to be registered (YES in step 309), the names registered in the management key file 1 are displayed on the display unit 2, and the desired name is entered from the input device 3 (step 310). The IDm corresponding to the entered name and the enciphered management key of the OPFD having that name are registered in the management key file 2 in the OPFD (step 311).

Furthermore, the registered name reading file is read out (step 312), and the management key is stored under the name of the corresponding other OPFD in the registered name reading file (step 313).

FIG. 52 shows the procedure for processing according to a management key registration program.

In FIG. 52, when a management key registration command is given from the input device 3, an instruction to insert the OPFD in which a management key is to be registered into the FD drive is displayed on the display unit 2 (step 321). When the OPFD is mounted on the FD drive, the management key file 2 stored in the OPFD is read out and stored in the internal memory of the computer system 1 (step 322).

The names of the OPFDs whose management keys are stored in the management key file 1 are then displayed on the display unit 2. The name of the OPFD whose management key is to be registered is entered from the input device 3 out of the names displayed on the display unit 2 (step 323). The management key, IDs and IDm stored for the OPFD having the entered name are stored in the management key file 2 in the OPFD (step 324).

Furthermore, the registered name reading file is read out (step 325), and the management key is stored under the name of the corresponding other OPFD in the registered name reading file (step 326).

FIG. 53 shows the procedure for processing according to a management key elimination program.

When a management key elimination command is entered into the input device 3, an instruction to insert the OPFD storing the management key to be eliminated into the FD drive is displayed on the display unit 2 (step 331). The management key file 2 is read out from the OPFD mounted on the FD drive and temporarily stored in the internal memory of the computer system 1 (step 332). The management key file in the SVFD is also read out (step 333).

The management key file 2 in the OPFD is read out, and the names of the OPFDs whose management keys are stored in the management key file 2 are displayed on the display unit 2 (step 334).

The name of the OPFD whose management key is to be eliminated is entered from the input device 3 out of the names displayed on the display unit 2 (step 335). When the name is entered, the name and the enciphered management key corresponding to it are eliminated from the management key file 2 (step 336).

The name of the OPFD whose management key was eliminated is retrieved from the registered name reading file (step 337) and eliminated (steps 338 and 339).

FIGS. 54a and 54b show the procedure for processing according to a program for decrypting ciphertext data using the SVFD. Ciphertext data generated using a secret key and a management key stored in an OPFD can be deciphered using the SVFD.

In FIG. 54a, an FD storing enciphered files is set in the FD drive 6. All the file names of the enciphered files stored in the FD are displayed on the display unit 2. The file name of the enciphered file to be deciphered is entered from the input device 3 out of the file names displayed on the display unit 2 (step 341). The enciphered file having the entered file name is read from the FD (step 342).

In decryption processing of ciphertext data, it is necessary that ciphertext data enciphered by an OPFD of a lower version can be deciphered by an SVFD of a version higher than that of the OPFD. Therefore, the version of the OPFD stored in the enciphered file and the version of the SVFD are compared with each other (step 343). Decryption is possible if the version stored in the enciphered file is lower than the version of the SVFD, and impossible otherwise.

When the version stored in the enciphered file is lower than the version of the SVFD, the IDs for the SVFD and the IDs stored in the enciphered file are compared with each other (step 344). If the two coincide, the enciphered file can be deciphered, because it was enciphered by an OPFD put under the management of the SVFD set in the enciphering/deciphering device. If they do not coincide, the enciphered file cannot be deciphered, because it was enciphered by an OPFD not under the management of that SVFD.

When the IDs coincide, so that decryption is judged possible (YES in step 344), the management key file 1 is searched for the same IDm as the IDm stored in the enciphered file (step 345).

If the same IDm exists (step 345), the enciphered management key corresponding to the IDm retrieved from the management key file 1 is read out and deciphered (step 346).

The enciphered key 2 is then read out from the enciphered file and deciphered using the deciphered management key (step 347). The ciphertext data is deciphered using the file key 44 obtained by deciphering the enciphered key 2 (step 348), and the plaintext data obtained by the decryption is displayed on the display unit 2 (step 349).

It is judged whether or not the data displayed on the display unit 2 is to be scrolled (step 350), and scrolling processing is performed if so (step 354). If the data is not scrolled (NO in step 350), it is judged whether or not a file for storing the deciphered data is to be created (step 351).

When a file is to be created, the destination at which the file is to be stored is entered by the input device 3, and the file is created (steps 352 and 353).

FIG. 55 shows the procedure for processing according to a file check program. The file check program confirms the creator of an enciphered file and, in a case where decryption is inhibited, the person who set the inhibition of decryption.

In FIG. 55, an enciphered file stored in an FD set in the FD drive is stored in the internal memory of the computer system 1 (step 361). In order to confirm whether or not the enciphered file was enciphered by an OPFD put under the management of the SVFD, the IDs stored in the enciphered file and the IDs stored in the SVFD are compared with each other (step 362).

When the two coincide, the name of the OPFD used for creating the enciphered file is read out from the enciphered file and displayed on the display unit 2 (step 363).

Furthermore, it is judged whether or not the creator decryption inhibition information in the enciphered file is set to one (step 364), and if it is, the name of the OPFD used for inhibiting creator decryption is displayed on the display unit 2 (step 365).

FIG. 56 shows the procedure for processing according to an installation program. The installation program transfers the data stored in the SVFD to the HD so that the data can be read out from the HD to perform encryption/decryption processing.

When the data in the SVFD have already been installed in the HD, an execution inhibition flag is set to one to inhibit a further installation. This prevents unfair copying of the data in the SVFD. Therefore, it is first judged whether or not the execution inhibition flag is set to one (step 371). When the flag is set to one (YES in step 371), the data cannot be installed, and the processing is terminated.

If the execution inhibition flag is not set to one (NO in step 371), an instruction to enter the drive at the destination of the installation (the HD drive 8) and a directory is displayed on the display unit 2 (step 372). The destination drive and the directory are entered from the input device 3 on the basis of the display (step 373).

It is judged whether or not the directory has already been created in the destination drive entered from the input device 3 (step 374). When the directory has not been created (NO in step 374), it is created (step 375). When the directory has already been created (YES in step 374), step 375 is skipped.

Furthermore, it is judged whether or not the SVFD has already been installed (step 376); when it has not, the data stored in the SVFD are transferred to the HD (step 377), and the execution inhibition flag of the SVFD is set to one (step 378).

FIG. 57 shows the procedure for processing according to a reverse installation program. The reverse installation program returns the data installed in the HD from the SVFD to the SVFD.

In FIG. 57, the HD drive 8 and the directory name are entered from the input device 3 (step 381). The data stored in the HD are read from the entered HD drive 8, whereby the management key file 1 is read from the HD (step 382). The SVFD to be subjected to reverse installation is set in the FD drive, whereby the management key file 1 in the SVFD is read (step 383).

The IDs stored in the management key file 1 read from the HD and the IDs stored in the management key file read from the SVFD are compared with each other (step 384). When the two coincide, the management key file 1 and the registered name reading file which have been stored in the HD are transferred to the SVFD and registered therein (step 385). When the management key file 1 and the registered name reading file have been registered in the SVFD, the programs, the management key file 1 and the registered name reading file which have been stored in the HD are erased (step 386). Consequently, the data in the HD can no longer be read out.

FIG. 58 shows the procedure for processing according to an enciphered key generation program. FIG. 59 illustrates the electrical configuration for generating an enciphered key.

When an enciphered key is generated as shown in FIG. 59, input data and either initial value data or the output data of an enciphering circuit 92 are added in an adding circuit 91, and the data obtained by the addition is entered into the enciphering circuit 92. The data entered into the enciphering circuit 92 is enciphered there using a key and outputted. The data outputted from the enciphering circuit 92 is used as an enciphered key.

FIG. 58 shows the procedure for generating the enciphered key in such enciphered key generation, using time data as any one of the key, the input data and the initial value data entered into the adding circuit 91.

In FIG. 58, the time data is entered (step 391), and the time data is used as the input data, the initial value data or the key shown in FIG. 59 to generate enciphered data (step 392). The enciphered data thus generated is used as a file key 44, a secret key 47 or a management key 48 (step 393).

(4) Contents of Programs in OPFD

FIG. 60 illustrates the contents of a program file in an OPFD.

The OPFD stores a control program, an encryption program, a decryptionprogram, a creator decryption inhibition program, a management namereading program, a password resetting program, an installation program,a reverse installation program, and a key generation program.

FIGS. 61a to 68 show the procedure for processing according to each ofthe programs in the program file stored in the OPFD.

FIGS. 61a and 61b show the procedure for processing according to thecontrol program in the OPFD.

In FIG. 61a, the OPFD is set in the FD drive, and a secret key filestored in the OPFD is read out (step 401). It is judged whether or notan execution program of the OPFD has been already installed in the HD(step 402). If the execution program is not installed in the HD, it isjudged whether or not an FD execution inhibition flag is set to one(step 403).

If the FD execution inhibition flag is not set to one (NO in step 403),it is judged whether or not the OPFD is customized (step 404). If theOPFD has been already customized, the OPFD set in the FD drive can beemployed. It is then judged whether or not an enciphered password isstored in the OPFD (step 405). If the enciphered password is stored inthe OPFD (YES in step 405), a password is entered from the input device3 in order to confirm whether or not a user of the OPFD is a fair user(step 406).

It is judged whether or not the passwords coincide with each other (step407). If the passwords coincide with each other (YES in step 407), it isjudged that the user of the OPFD is a fair user, whereby processing suchas encryption is made possible. Consequently, encryption processing(step 408), decryption processing (step 409), processing for inhibitingcreator decryption (step 410), management name reading processing (step411), and password resetting processing (step 412) are made possible.The processing will be described in detail later.

When the enciphered password is not stored in the OPFD set in the FDdrive (NO in step 405), the password used for confirming a fair user ofthe OPFD is entered from the input device 3 (step 413), and the passwordis enciphered and is registered in the secret key file (step 414).

FIG. 62 shows the procedure for processing according to the encryption program using the OPFD.

A plaintext file to be enciphered is selected, out of the plaintext files stored in the external storage device 4, by the input device 3 (step 421). The plaintext data selected by the input device 3 is displayed on the display unit 3 (step 422). If the plaintext data is not scrolled (NO in step 423), it is judged whether or not the data is normal (step 424).

If the data is normal, a secret key is generated and is enciphered (steps 425 and 426).

The OPFD is set in the FD drive 5, whereby a secret key file stored in the OPFD is read into the internal memory in the computer system 1 (step 427). The enciphered secret key and IDs are registered in the secret key file (step 428).

Furthermore, a file key is generated (step 429), and an enciphered management key which has been stored in the secret key file is deciphered (step 430).

An enciphered key 1 and an enciphered key 2 are generated by enciphering the file key with the generated secret key and with the deciphered management key, respectively (steps 431 and 432).

A destination in an enciphered file at which the enciphered key 1 and the enciphered key 2 are to be stored is designated (step 433), and the enciphered file is created (step 434) and is stored.

When enciphered data is generated, the generated enciphered data is displayed on the display unit 2 (steps 435 and 436).

FIGS. 63a, 63b and 63c show the procedure for processing according to the decryption program. The decryption program is for decrypting, using an OPFD, ciphertext data that was enciphered by an OPFD. In the decryption program there are two cases: a case where data enciphered using one's own OPFD is deciphered, and a case where data enciphered using another person's OPFD is deciphered.

In FIG. 63a, an enciphered file to be deciphered is selected, out of the enciphered files set in the FD drive, by the input device 3 (step 441).

It is judged whether or not the version number stored in the enciphered file is not more than the version number of the OPFD (step 442). If the version number is not more than the version number of the OPFD (YES in step 442), decryption is possible, whereby a secret key file stored in the OPFD is read out. It is judged whether or not the IDs and IDm stored in the enciphered file respectively coincide with the IDs and IDm stored in the secret key file (steps 444 and 445).

If the IDs's do not coincide with each other (NO in step 444), the enciphered file cannot be deciphered, because it was not enciphered by an OPFD under the management of the same SVFD.

When the IDs's coincide with each other (YES in step 444), the enciphered file can be deciphered, because it was enciphered by an OPFD under the management of the same SVFD. When the IDs's coincide with each other, it is judged whether or not the IDms coincide with each other (step 445). If the IDms coincide with each other, the ciphertext data was generated by one's own OPFD and is subjected to decryption processing using a secret key. If the IDms do not coincide with each other, the ciphertext data was generated by another person's OPFD and is subjected to decryption processing using a management key.

When the IDms coincide with each other (YES in step 445), it is judged whether or not the creator decryption inhibition information in the OPFD is set to one (step 446). If the creator decryption inhibition information has been set to one, decryption is inhibited.

If the creator decryption inhibition information is not set to one (YES in step 446), it is judged whether or not the same IDf as the IDf stored in the enciphered file is stored in the secret key file (step 447). When the IDf is stored in the secret key file (YES in step 447), the ciphertext data is scrolled on the display unit 3 in FIG. 63c (steps 448 and 449).

The enciphered secret key corresponding to the IDf retrieved in the secret key file is deciphered (step 450), and the enciphered key 1 is deciphered using the deciphered secret key (step 451). The ciphertext data which has been stored in the enciphered file is deciphered using the deciphered enciphered key 1 (step 452).

When the ciphertext data is deciphered, the deciphered data is displayed on the display unit 3 (step 453). If the deciphered data is not scrolled (NO in step 454), the decryption buffer is eliminated (step 455). If the deciphered data is scrolled (YES in step 454), data scrolling processing is performed (step 461).

If the IDms do not coincide with each other in step 445, processing for deciphering the data enciphered by the other person's OPFD is performed.

In FIG. 63b, the IDm of the enciphered file is retrieved from the management key file 2 (step 456), and the ciphertext data is displayed if the IDm is retrieved (steps 457 and 458). The enciphered management key corresponding to the retrieved IDm is retrieved and is deciphered (step 459). The enciphered key 2 is deciphered using the deciphered management key (step 460), and the ciphertext data is deciphered (step 452).

FIG. 64 shows the procedure for processing according to the creator decryption inhibition program. The creator decryption inhibition program is for inhibiting ciphertext from being deciphered by the worker who created the ciphertext.

An FD storing an enciphered file is set in the FD drive, and the enciphered file which is to be inhibited from being deciphered by its creator is selected (step 471). An OPFD is set in the FD drive, and a secret key file stored in the OPFD is read into the internal memory in the computer system 1 (step 472).

It is judged whether or not the IDs stored in the enciphered file and the IDs stored in the secret key file coincide with each other (step 473). If the IDs's coincide with each other, it is judged that the enciphered file was enciphered by an OPFD put under the management of the same SVFD as this OPFD (YES in step 473), and the management key file of the OPFD is stored in the internal memory in the computer system 1 (step 474).

When an IDm which coincides with the IDm of the enciphered file exists in the management key file (YES in step 475), it is judged that the enciphered file was enciphered by an OPFD which is managed by one's own OPFD, whereby the inhibition of creator decryption is confirmed, so that the enciphered key 1 in the enciphered file is eliminated (step 477). Since the enciphered key 1 is eliminated, the file key cannot be obtained even if the secret key is used, whereby decryption processing by the creator is made impossible. The name of the OPFD used for inhibiting creator decryption is stored in the enciphered file (step 478).
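The flow of FIGS. 62 to 64 as a runnable model, added here as an example and not code from the patent: the file key is wrapped twice (enciphered key 1 under the creator's secret key, enciphered key 2 under the management key), decryption chooses the wrapped key by comparing IDs and IDm, and creator decryption inhibition erases enciphered key 1. The HMAC-SHA256 keystream cipher, the data layout and the identifiers are constructed stand-ins for the patent's cipher and floppy contents.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the patent's cipher: XOR with an HMAC-SHA256 keystream.
    Symmetric, so one call both enciphers and deciphers. Constructed for this
    example only; not a production cipher."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class OPFD:
    """Operation floppy: IDs of its supervising SVFD, its own IDm, its secret key,
    its management key, and the management keys of OPFDs it manages."""
    ids: bytes
    idm: bytes
    secret_key: bytes
    management_key: bytes
    managed: Dict[bytes, bytes] = field(default_factory=dict)  # IDm -> management key
    creator_inhibited: bool = False


@dataclass
class EncipheredFile:
    ids: bytes
    idm: bytes                           # IDm of the creating OPFD
    ciphertext: bytes
    enciphered_key1: Optional[bytes]     # file key wrapped under creator's secret key
    enciphered_key2: bytes               # file key wrapped under creator's management key
    inhibited_by: Optional[bytes] = None


def encipher(opfd: OPFD, plaintext: bytes) -> EncipheredFile:
    """FIG. 62, steps 429-434: fresh file key, enciphered key 1 and 2, one file."""
    file_key = os.urandom(32)
    return EncipheredFile(
        ids=opfd.ids, idm=opfd.idm,
        ciphertext=toy_cipher(file_key, plaintext),
        enciphered_key1=toy_cipher(opfd.secret_key, file_key),
        enciphered_key2=toy_cipher(opfd.management_key, file_key),
    )


def decipher(opfd: OPFD, ef: EncipheredFile) -> bytes:
    """FIG. 63, steps 444-460, as a decision procedure."""
    if ef.ids != opfd.ids:                      # step 444: not the same SVFD
        raise PermissionError("not enciphered under the same SVFD")
    if ef.idm == opfd.idm:                      # step 445: own ciphertext
        if opfd.creator_inhibited or ef.enciphered_key1 is None:   # step 446 / FIG. 64
            raise PermissionError("creator decryption inhibited")
        file_key = toy_cipher(opfd.secret_key, ef.enciphered_key1)  # step 451
    else:                                       # FIG. 63b: another person's OPFD
        mgmt = opfd.managed.get(ef.idm)         # step 456
        if mgmt is None:
            raise PermissionError("creator's OPFD is not managed by this OPFD")
        file_key = toy_cipher(mgmt, ef.enciphered_key2)             # step 460
    return toy_cipher(file_key, ef.ciphertext)  # step 452


def inhibit_creator_decryption(superior: OPFD, ef: EncipheredFile, name: bytes) -> None:
    """FIG. 64: a managing OPFD erases enciphered key 1, so the creator's secret
    key can no longer recover the file key, and records its own name (step 478)."""
    if ef.ids != superior.ids:                  # step 473
        raise PermissionError("not enciphered under the same SVFD")
    if ef.idm not in superior.managed:          # step 475
        raise PermissionError("creator's OPFD is not managed by this OPFD")
    ef.enciphered_key1 = None                   # step 477
    ef.inhibited_by = name


def demo() -> dict:
    """Constructed scenario: a staff OPFD creates a file; the superior's OPFD
    holds the staff management key; an OPFD under another SVFD is refused."""
    ids = b"SVFD-0001"
    staff = OPFD(ids, b"OPFD-staff", os.urandom(32), os.urandom(32))
    boss = OPFD(ids, b"OPFD-boss", os.urandom(32), os.urandom(32),
                managed={staff.idm: staff.management_key})
    outsider = OPFD(b"SVFD-9999", b"OPFD-x", os.urandom(32), os.urandom(32))
    ef = encipher(staff, b"quarterly figures")
    out = {"staff": decipher(staff, ef), "boss": decipher(boss, ef)}
    try:
        decipher(outsider, ef)
    except PermissionError:
        out["outsider"] = "refused"
    inhibit_creator_decryption(boss, ef, boss.idm)
    try:
        decipher(staff, ef)
    except PermissionError:
        out["staff_after_inhibit"] = "refused"
    out["boss_after_inhibit"] = decipher(boss, ef)
    return out
```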

FIG. 65 shows the procedure for processing according to the management name reading program. The management name reading program is for displaying the name of another person's OPFD which is managed by one's own OPFD.

When the OPFD is set in the FD drive, the management key file is read into the memory contained in the computer system 1 (step 481). Consequently, the name of the other person's OPFD which is managed by one's own OPFD is displayed on the display unit 3 (step 482).

FIG. 66 shows the procedure for processing according to the password resetting program.

Although the password is enciphered and stored in the OPFD, it can also be changed. When the password is changed, a new password is entered from the input device 3 (step 491) and is enciphered (step 492). The enciphered new password is stored in the secret key file (step 493). Once the new password is stored in the OPFD, whether or not the user of the OPFD is a fair user is thereafter confirmed using the new password.

FIG. 67 shows the procedure for processing according to the installation program in the OPFD.

If the execution inhibition flag is not set in the OPFD (NO in step 501), it is judged whether or not the OPFD has already been installed in the HD (step 502). Unless the OPFD has already been installed in the HD, the data in the OPFD are installed in the HD (step 503), and the execution inhibition flag of the OPFD is set to one.

FIG. 68 shows the procedure for processing according to the reverse installation program.

The name of the HD drive is entered (step 511), and the secret key file stored in the HD is read (step 512). If there is a secret key file (YES in step 513), the OPFD is set in the FD drive, and the secret key file of the OPFD is read (step 514).

When the IDs's and IDms stored in the two secret key files respectively coincide with each other (YES in steps 515 and 516), the data stored in the HD are transferred to the OPFD and are registered therein (step 517). The data which had been stored in the HD are erased (step 518).

Although an enciphered key can also be generated by the key generation program in the OPFD, the procedure for that processing is the same as the one using the SVFD, and hence the duplicated description is omitted.

According to the eighth embodiment, one manager, for example a president or a secretary, is made to have the SVFD, and staff members are made to have their respective OPFDs, whereby enciphered data generated by each of the staff members can be deciphered by the president, the secretary, etc. having the SVFD. By storing in one OPFD the management key of another OPFD, ciphertext data generated by the person who has the other OPFD, for example a staff member, can be deciphered by his or her superior.

Inherent identification data are stored in addition to the inherent identification names in the SVFD and the OPFD. Even if a new SVFD or OPFD is purchased, therefore, its inherent identification name and its inherent identification data each differ from those of the old one. Consequently, it is impossible to decipher, using a newly purchased SVFD or OPFD, data enciphered using another SVFD or another OPFD. Therefore, high secrecy of the ciphertext data is maintained.

We claim:
 1. An encryption/decryption communication system in which a first enciphering/deciphering device and a second enciphering/deciphering device are connected to each other through communicating means, wherein said first enciphering/deciphering device comprises data encryption key forming means for forming a data encryption key used for enciphering plaintext data, data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data, key enciphering means for enciphering said data encryption key using a management key to form an enciphered key, first authenticator enciphering means for enciphering an authenticator for confirming whether or not transmitted data is correctly transmitted and received using said data encryption key to generate a first enciphered authenticator, and transmitting means for transmitting said ciphertext data, said enciphered key and said first enciphered authenticator, said second enciphering/deciphering device comprises receiving means for receiving the ciphertext data, the enciphered key, and the first enciphered authenticator transmitted by said transmitting means, key deciphering means for deciphering the enciphered key received by said receiving means using the same management key as the management key used in said first enciphering/deciphering device to form a data encryption key, data deciphering means for deciphering the ciphertext data received by said receiving means using the data encryption key formed by said key deciphering means to form plaintext data, authenticator deciphering means for deciphering the first enciphered authenticator received by said receiving means using the data encryption key formed by said key deciphering means, second authenticator enciphering means for enciphering the authenticator obtained as a result of the deciphering by said authenticator deciphering means using said management key to form a second enciphered authenticator, and returning means for returning said second enciphered authenticator to said first enciphering/deciphering device, and said first enciphering/deciphering device deciphers the second enciphered authenticator transmitted from said second enciphering/deciphering device using said management key, and collates the deciphered authenticator with the authenticator which has been subjected to the enciphering by said first authenticator enciphering means.
 2. An encryption/decryption communication system in which a first enciphering/deciphering device and a second enciphering/deciphering device are connected to each other through communicating means, wherein said first enciphering/deciphering device comprises data encryption key forming means for forming a data encryption key used for enciphering plaintext data, data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data, key enciphering means for enciphering said data encryption key using a management key to form an enciphered key, first authenticator enciphering means for enciphering an authenticator for confirming whether or not transmitted data is correctly transmitted and received using said management key to form a first enciphered authenticator, and transmitting means for transmitting said ciphertext data, said enciphered key and said first enciphered authenticator, said second enciphering/deciphering device comprises receiving means for receiving the ciphertext data, the enciphered key, and the first enciphered authenticator transmitted by said transmitting means, key deciphering means for deciphering the enciphered key received by said receiving means using the same management key as the management key used in said first enciphering/deciphering device to form a data encryption key, data deciphering means for deciphering the ciphertext data received by said receiving means using the data encryption key formed by said key deciphering means to form plaintext data, authenticator deciphering means for deciphering the first enciphered authenticator received by said receiving means using said management key, second authenticator enciphering means for enciphering the authenticator obtained as a result of the deciphering by said authenticator deciphering means using the data encryption key formed by said key deciphering means to form a second enciphered authenticator, and returning means for returning said second enciphered authenticator to said first enciphering/deciphering device, and said first enciphering/deciphering device deciphers the second enciphered authenticator transmitted from said second enciphering/deciphering device using said data encryption key formed by the data encryption key forming means, and collates the deciphered authenticator with the authenticator which has been subjected to the enciphering by said first authenticator enciphering means.
 3. An enciphering/deciphering device using operation storage media each storing inherent supervisor identification data and inherent operation identification data and a supervisor storage medium storing said supervisor identification data, comprising: data encryption key forming means for forming a data encryption key used for enciphering plaintext data; secret key forming means for forming a secret key used for enciphering the data encryption key formed by said data encryption key forming means; management key forming means for forming a management key used for enciphering the data encryption key formed by said data encryption key forming means; first storage controlling means for storing in said operation storage medium the secret key formed by said secret key forming means and the management key formed by said management key forming means; and second storage controlling means for storing the management key formed by said management key forming means in said supervisor storage medium.
 4. The enciphering/deciphering device according to claim 3, further comprising data enciphering means for enciphering said plaintext data using said data encryption key to form ciphertext data, first key enciphering means for enciphering said data encryption key using the secret key formed by said secret key forming means to form a first enciphered key, second key enciphering means for enciphering said data encryption key using the management key formed by said management key forming means to form a second enciphered key, and third storage controlling means for storing in a first storage medium said ciphertext data, said first enciphered key and said second enciphered key.
 5. The enciphering/deciphering device according to claim 4, further comprising fourth storage controlling means for storing the management key stored in one operation storage medium in the other operation storage medium.
 6. The enciphering/deciphering device according to claim 3, further comprising operation identification name entering means for entering an operation identification name inherent to said operation storage medium for identifying the operation storage medium, and supervisor identification name entering means for entering a supervisor identification name inherent to said supervisor storage medium for identifying the supervisor storage medium, said first storage controlling means storing in said operation storage medium the supervisor identification name entered by said supervisor identification name entering means and the operation identification name entered by said operation identification name entering means, and said second storage controlling means storing in said supervisor storage medium the supervisor identification name entered by said supervisor identification name entering means.
 7. The enciphering/deciphering device according to claim 6, wherein said second storage controlling means stores in said supervisor storage medium a list of the operation identification names stored in all said operation storage media.
 8. The enciphering/deciphering device according to claim 7, further comprising first selecting means for selecting a first operation identification name from the list of the operation identification names stored in said supervisor storage medium, second selecting means for selecting a second operation identification name, and fifth storage controlling means for storing identification data including the first operation identification name and the management key which are stored in a first operation storage medium specified by the first operation identification name selected by said first selecting means in a second operation storage medium specified by the second operation identification name selected by said second selecting means.
 9. The enciphering/deciphering device according to claim 8, wherein said second storage controlling means stores in said supervisor storage medium the first operation identification name and the management key which are stored in said second operation storage medium in association with said second operation identification name.
 10. The enciphering/deciphering device according to claim 7, further comprising overlapped names judging means for judging whether or not the operation identification name entered from said operation identification name entering means is overlapped with the operation identification names stored as a list in the supervisor storage medium, when said overlapped names judging means judges that they are overlapped with each other, a name obtained by adding an additive name to the operation identification name entered from said operation identification name entering means being stored in the operation storage medium.
 11. The enciphering/deciphering device according to claim 3, further comprising secret key enciphering means for enciphering the secret key formed by said secret key forming means, and management key enciphering means for enciphering the management key formed by said management key forming means, said first storage controlling means storing in the operation storage medium the secret key enciphered by said secret key enciphering means and said management key enciphered by said management key enciphering means, said second storage controlling means storing in said supervisor storage medium the management key enciphered by said management key enciphering means.
 12. The enciphering/deciphering device according to claim 11, wherein said secret key enciphering means enciphers the secret key formed by said secret key forming means using the management key formed by said management key forming means.
 13. An enciphering/deciphering device comprising: first reading means for reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data, the first enciphered key and the second enciphered key; second reading means for reading out from an operation storage medium storing inherent operation identification data and a secret key for deciphering said first enciphered key read out from said first reading means the secret key; first key deciphering means for deciphering said first enciphered key using the secret key read out by said second reading means to form a data decryption key; first data deciphering means for deciphering said ciphertext data using the data decryption key formed by said first key deciphering means to form plaintext data; and storage controlling means for storing in a second storage medium the plaintext data formed by said first data deciphering means.
 14. The enciphering/deciphering device according to claim 13, further comprising third reading means for reading out from a supervisor storage medium storing said operation identification data, inherent supervisor identification data and a management key for deciphering said second enciphered key read out from said first reading means the management key; second key deciphering means for deciphering said second enciphered key using the management key read out by said third reading means to form a data decryption key; and second data deciphering means for deciphering said ciphertext data using the data decryption key formed by said second key deciphering means to form plaintext data, said storage controlling means storing in said second storage medium the plaintext data formed by said second data deciphering means.
 15. The enciphering/deciphering device according to claim 14, wherein said second reading means reads out from an operation storage medium storing inherent operation identification data, a secret key for deciphering the first enciphered key, and a management key for the other operation storage medium said management key, and said second key deciphering means deciphers said second enciphered key using said management key read out by said second reading means to form a data decryption key.
 16. The enciphering/deciphering device according to claim 15, further comprising judging means for judging whether or not said second enciphered key can be deciphered using the management key for the other operation storage medium stored in the operation storage medium, and first enciphered key eliminating means for erasing said first enciphered key stored in said first storage medium in response to the fact that said judging means judges that the deciphering is possible.
 17. The enciphering/deciphering device according to claim 16, further comprising display controlling means for displaying the operation identification name of the operation storage medium in response to the fact that said first enciphered key is erased by said first enciphered key eliminating means.
 18. The enciphering/deciphering device according to claim 14, further comprising storage controlling means for reading out data relating to the management key stored in said supervisor storage medium and storing the data in the other storage medium.
 19. The enciphering/deciphering device according to claim 18, further comprising eliminating means for erasing the data relating to the management key in the supervisor storage medium which is stored in said other storage medium.
 20. The enciphering/deciphering device according to claim 18, further comprising means for reversely transferring the data relating to the management key stored in said other storage medium to the original supervisor storage medium to store therein and erasing the data relating to the management key in said other storage medium.
 21. The enciphering/deciphering device according to claim 3, further comprising transfer judging means for judging whether or not the data relating to the key stored in said operation storage medium or said supervisor storage medium has been transferred to the other storage medium, and reading inhibition controlling means for inhibiting the data relating to the key stored in the original operation storage medium or supervisor storage medium from being read out in response to the fact that the transfer judging means judges that the data has been transferred to the other storage medium.
 22. The enciphering/deciphering device according to claim 21, further comprising first reading inhibition release controlling means for releasing the inhibition of the reading of the data in the operation storage medium by said reading inhibition controlling means.
 23. The enciphering/deciphering device according to claim 3, wherein said operation identification data or said supervisor identification data is random-number data or enciphered time data.
 24. The enciphering/deciphering device according to claim 4, wherein said supervisor storage medium or said operation storage medium stores a version code, and said third storage controlling means stores in said first storage medium said version code in addition to said ciphertext data, said first enciphered key and said second enciphered key.
 25. The enciphering/deciphering device according to claim 14, wherein version codes are respectively stored in said first storage medium, said operation storage medium and said supervisor storage medium, further comprising comparing means for comparing the version code read out by said first reading means with the version code read out by said second reading means or the version code read out by said third reading means, and key formation controlling means for allowing the formation of the data decryption key by said first key deciphering means and the formation of the data decryption key by said second key deciphering means when it is judged that the version code read out by said first reading means represents an older version than a version represented by the version code read out by said second reading means or the version code read out by said third reading means as a result of the comparison by said comparing means.
 26. The enciphering/deciphering device according to claim 3, wherein time data is fed as input data, an initial value or an enciphered key to enciphering means, and enciphered data obtained from said enciphering means is used as said data encryption key, said secret key or said management key.
 27. An enciphering/deciphering method using operation storage media each storing inherent operation identification data and a supervisor storage medium storing inherent supervisor identification data, comprising the steps of: forming a data encryption key used for enciphering plaintext data; forming a secret key used for enciphering the formed data encryption key; forming a management key used for enciphering the formed data encryption key; storing in said operation storage medium the formed secret key and the formed management key; and storing the formed management key in said supervisor storage medium.
 28. An enciphering/deciphering method using operation storage media each storing inherent operation identification data and a supervisor storage medium storing inherent supervisor identification data, comprising the steps of: forming a data encryption key used for enciphering plaintext data; forming a secret key used for enciphering the formed data encryption key; forming a management key used for enciphering the formed data encryption key; storing in said operation storage medium the formed secret key and the formed management key; storing the formed management key in said supervisor storage medium; enciphering said plaintext data using said data encryption key to form ciphertext data; enciphering said data encryption key using said secret key to form a first enciphered key; enciphering said data encryption key using said management key to form a second enciphered key; and storing in a first storage medium said ciphertext data, said first enciphered key and said second enciphered key.
 29. The enciphering/deciphering method according to claim 27, further comprising the step of storing the management key stored in one operation storage medium in the other operation storage medium.
 30. An enciphering/deciphering method comprising the steps of: reading out from a first storage medium storing ciphertext data, a first enciphered key and a second enciphered key the ciphertext data, the first enciphered key and the second enciphered key; reading out from an operation storage medium storing an inherent operation identification name, inherent operation identification data, and a secret key for deciphering said first enciphered key said secret key; deciphering said first enciphered key using said secret key read out to form a data decryption key; deciphering said ciphertext data using the formed data decryption key to form plaintext data; and storing the formed plaintext data in a second storage medium.
 31. The enciphering/deciphering method according to claim 30, further comprising the steps of reading out from an operation storage medium storing inherent operation identification data, a secret key for deciphering said first enciphered key, and a management key for the other operation storage medium said management key, and deciphering said second enciphered key using said management key read out to form a data decryption key.
 32. The enciphering/deciphering method according to claim 29, comprising the step of performing encryption processing using time data as input data, an initial value or an encryption key, enciphered data obtained by the encryption processing being used as said data encryption key, said secret key or said management key.
 33. An enciphering/deciphering method according to claim 30, further comprising the steps of reading out from a supervisor storage medium storing said operation identification name, said operation identification data, an inherent supervisor identification name, inherent supervisor identification data and a management key for deciphering said second enciphered key said management key, and deciphering said second enciphered key using said management key read out to form a data decryption key.
 34. A computer readable operation storage medium which is used in an enciphering/deciphering device including a computer and is managed by a supervisor storage medium, the operation storage medium storing therein supervisor identification data inherent to said supervisor storage medium, an enciphered secret key obtained by enciphering a secret key for enciphering a data encryption key used for enciphering plaintext data, a decryption program for deciphering said enciphered secret key to obtain the secret key, an enciphered management key obtained by enciphering a management key for enciphering said data encryption key, and a decryption program for deciphering said enciphered management key to obtain the management key.
 35. The operation storage medium according to claim 34, said operation storage medium storing therein an enciphered management key stored in the other operation storage medium than said operation storage medium.
 36. A computer readable supervisor storage medium, which is used in an enciphering/deciphering device including a computer, for managing operation storage media each storing therein an enciphered secret key obtained by enciphering a secret key for enciphering a data encryption key used for enciphering plaintext data and a first enciphered management key obtained by enciphering a management key for enciphering the data encryption key, the supervisor storage medium storing therein operation identification data inherent to said operation storage media, inherent supervisor identification data, a second enciphered management key obtained by enciphering the same management key as said management key, and a decryption program for deciphering said second enciphered management key to obtain said management key.
 37. The supervisor storage medium according to claim 36, wherein said operation identification data includes a given operation identification name, said supervisor storage medium storing therein a program for displaying a list of the operation identification names stored therein.
 38. The supervisor storage medium according to claim 36, further storing therein a program for erasing, from a storage medium storing therein ciphertext data enciphered using said data encryption key, a first enciphered key which is to be deciphered by said secret key and a second enciphered key which is to be deciphered by said management key, said first enciphered key.
 39. The supervisor storage medium according to claim 36, wherein version codes are respectively stored in a storage medium, said operation storage medium and said supervisor storage medium, said supervisor storage medium further storing therein a comparing program for comparing the version code read out from said storage medium with the version code read out from said operation storage medium or the version code read out from said supervisor storage medium, and a program for allowing the deciphering of said first enciphered management key and the deciphering of said second enciphered management key when it is judged that the version code read out from said storage medium represents an older version than or equal to a version represented by the version code read out from said operation storage medium or the version code read out from said supervisor storage medium as a result of the comparison by said comparing program.
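The communication system of claims 1 and 2 as an added example with both sides' messages (not code from the patent): the first device wraps the data key under the shared management key and sends ciphertext, enciphered key and a first enciphered authenticator; the second device recovers the data key, re-enciphers the authenticator and returns it; the first device collates. Claim 1 wraps the outgoing authenticator under the data key and the returned one under the management key, claim 2 the other way round, selected here by `variant`. The HMAC-SHA256 keystream cipher and all key and message values are constructed stand-ins.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the patent's cipher: XOR with an HMAC-SHA256 keystream.
    Symmetric, so one call both enciphers and deciphers. Constructed for this
    example only; not a production cipher."""
    blocks = len(data) // 32 + 1
    stream = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))


def authenticator_keys(variant: int, data_key: bytes, management_key: bytes) -> Tuple[bytes, bytes]:
    """(key for the first enciphered authenticator, key for the second one).
    Claim 1: data key out, management key back. Claim 2: the reverse."""
    if variant == 1:
        return data_key, management_key
    if variant == 2:
        return management_key, data_key
    raise ValueError("variant must be 1 (claim 1) or 2 (claim 2)")


def first_device_send(variant: int, management_key: bytes, plaintext: bytes,
                      authenticator: bytes) -> Tuple[Dict[str, bytes], bytes]:
    """First device: fresh data encryption key; ciphertext, enciphered key and
    first enciphered authenticator go on the wire. Returns the message and the
    data key the device keeps for the collation step."""
    data_key = os.urandom(32)                                   # data encryption key forming means
    out_key, _ = authenticator_keys(variant, data_key, management_key)
    message = {
        "ciphertext": toy_cipher(data_key, plaintext),           # data enciphering means
        "enciphered_key": toy_cipher(management_key, data_key),  # key enciphering means
        "auth1": toy_cipher(out_key, authenticator),             # first authenticator enciphering means
    }
    return message, data_key


def second_device_respond(variant: int, management_key: bytes,
                          message: Dict[str, bytes]) -> Tuple[bytes, bytes]:
    """Second device: recover the data key with its own management key, decipher
    the data and the authenticator, re-encipher the authenticator for return."""
    data_key = toy_cipher(management_key, message["enciphered_key"])   # key deciphering means
    plaintext = toy_cipher(data_key, message["ciphertext"])            # data deciphering means
    out_key, back_key = authenticator_keys(variant, data_key, management_key)
    authenticator = toy_cipher(out_key, message["auth1"])              # authenticator deciphering means
    auth2 = toy_cipher(back_key, authenticator)                        # second authenticator enciphering means
    return plaintext, auth2


def first_device_collate(variant: int, management_key: bytes, data_key: bytes,
                         auth2: bytes, authenticator: bytes) -> bool:
    """First device: decipher the returned authenticator and collate it with the
    one it sent. Constant-time comparison is a deliberate choice here."""
    _, back_key = authenticator_keys(variant, data_key, management_key)
    return hmac.compare_digest(toy_cipher(back_key, auth2), authenticator)


def run_exchange(variant: int, sender_mk: bytes, receiver_mk: bytes,
                 plaintext: bytes, authenticator: bytes) -> dict:
    """Full round trip. A receiver holding a different management key recovers
    garbage and its returned authenticator fails the collation."""
    message, data_key = first_device_send(variant, sender_mk, plaintext, authenticator)
    recovered, auth2 = second_device_respond(variant, receiver_mk, message)
    return {
        "plaintext": recovered,
        "collated": first_device_collate(variant, sender_mk, data_key, auth2, authenticator),
    }
```

With a keystream cipher such as the stand-in used here, a successful collation shows that both devices hold the same management key; it does not by itself prove that the ciphertext arrived unmodified, which is why a deployment would add an integrity check over the transmitted data.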